Sometimes you need a self signed certificate to use SSL with your JBoss installation. This is a small how-to that tells you the essential steps to do that.
# Creating the Keystore #
Creating a keystore to store certificates that JBoss can use.
keytool -genkey -alias $MYDOMAIN -keyalg RSA ↵
-keystore my.keystoreYou will be asked for a password to this keystore, just set any password you like. Furthermore you will need to enter some more information, just enter whatever you like – you only need these values to be correct if you are going to sign the certificate at your Certificate Authority.
# Creating a Certificate Request #
Then we need to create a Certificate Request.
keytool -certreq -keystore my.keystore ↵
-alias $MYDOMAIN -file myserver.csrNormally you would want to send this Certificate Request to your Certificate Authority to sign it. That way browsers would accept your certificate without complaining. But we only need this certificate for our local development machine, so don’t worry about a security exception. You need to accept this certificate within your browser, though.
# Configuring JBoss #
You need to change this file to enable SSL with our created certificate: $JBOSS_HOME/server/default/deploy/jbossweb-tomcat50.sar/server.xml. Look for the following lines and uncomment them:
<Connector port="8443" address="${jboss.bind.address}"
maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
emptySessionPath="true"
scheme="https" secure="true" clientAuth="false"
keystoreFile="${jboss.server.home.dir}/conf/ssl/my.keystore"
keystorePass="KEYSTORE_PASSWORD" sslProtocol = "TLS" />
At last we need to copy your keystore to the proper place:
mkdir $JBOSS_HOME/server/default/conf/ssl
cp my.keystore $JBOSS_HOME/server/default/conf/ssl/
After a JBoss restart you can now use the https connection.
# See also #
This how-to is a short version of [SSL mit JBoss (german)](http://www.hackerwiki.org/index.php/SSL_mit_JBoss).
