Enabling SSL on JBoss

How to enable SSL on JBoss 4.2

I am going to explain how to enable JBoss to accept SSL connections, and also how to make JBoss connect to a database which only accepts SSL connections.

I am using JBoss-eap-4.2 and Postgres 8.1.

My Postgres is configured to accept only SSL connections.

First, let's enable SSL for JBoss.

JBoss uses JSSE, the Java Secure Socket Extension, for SSL. To start, we need a public key/private key pair in the form of an X509 certificate for use by the SSL server sockets. Let us create a self-signed certificate using the JDK keytool. It is created using the following command and input:

keytool -genkey -keystore "NAME_OF_YOUR_KEYSTORE" -storepass "STOREPASS_OF_YOUR_KEYSTORE" -keypass "KEYPASS_OF_YOUR_KEYSTORE" -keyalg RSA -alias "ALIAS_OF_YOUR_KEYSTORE" -validity 3650 -dname "cn=myKeystore,ou=jboss admin,dc=jboss,dc=org"

"NAME_OF_YOUR_KEYSTORE" = myKeystore.keystore

"ALIAS_OF_YOUR_KEYSTORE" = myKeystore

"STOREPASS_OF_YOUR_KEYSTORE" = rmi+ssl

"KEYPASS_OF_YOUR_KEYSTORE" = rmi+ssl

With these values, the final command is:

keytool -genkey -keystore myKeystore.keystore -storepass rmi+ssl -keypass rmi+ssl -keyalg RSA -alias myKeystore -validity 3650 -dname "cn=myKeystore,ou=jboss admin,dc=jboss,dc=org"

If you want to, you can view the contents of your keystore file using this command:

keytool -list -v -keystore myKeystore.keystore

Then copy the keystore file into the conf directory of your JBoss configuration:

jboss-eap-4.2\jboss-as\server\default\conf

in your case it could be

jboss4.x\server\default\conf

Now open the server.xml file, which is located in the jboss-web.deployer directory:

jboss-eap-4.2\jboss-as\server\default\deploy\jboss-web.deployer

in your case it could be

jboss4.x\server\default\deploy\jboss-web.deployer

Uncomment this block:

<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
-->

Then add the keystore and truststore attributes, so that the connector reads:

<Connector port="THE_PORT_YOU_LIKE"
           protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https"
           secure="true" clientAuth="false"
           keystoreFile="${jboss.server.home.dir}/conf/THE_KEYSTORE_NAME"
           keystorePass="PASSWORD_FOR_THE_KEYSTORE"
           truststoreFile="${jboss.server.home.dir}/conf/THE_KEYSTORE_NAME"
           truststorePass="PASSWORD_FOR_THE_KEYSTORE"
           sslProtocol="TLS"/>

That completes the configuration. Now start JBoss and open the URL

https://ipaddress:8443 or https://localhost:8443

and it's done.

If you don't want your JBoss server to be reachable on port 8080, you need to disable the 8080 connector in the server.xml file located at

jboss-eap-4.2\jboss-as\server\default\deploy\jboss-web.deployer

in your case it could be

jboss4.x\server\default\deploy\jboss-web.deployer
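
One way to check the edited server.xml against the steps above, as an added example that is not part of the original post: the Python script below parses a constructed sample server.xml and reports HTTPS connectors missing keystore attributes, keystore passwords kept in clear text, and a plain HTTP connector left enabled. The function name audit_connectors and the sample XML are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the layout of server.xml after following the steps above,
# with the plain HTTP connector on 8080 still enabled.
SAMPLE_SERVER_XML = """<Server>
  <Service name="jboss.web">
    <Connector port="8080" address="${jboss.bind.address}" protocol="HTTP/1.1"/>
    <!-- <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"/> -->
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true" clientAuth="false"
               keystoreFile="${jboss.server.home.dir}/conf/myKeystore.keystore"
               keystorePass="rmi+ssl"
               truststoreFile="${jboss.server.home.dir}/conf/myKeystore.keystore"
               truststorePass="rmi+ssl"
               sslProtocol="TLS"/>
  </Service>
</Server>"""


def audit_connectors(server_xml):
    """Return (port, finding) tuples for the Connector elements in server.xml."""
    findings = []
    https_seen = False
    # ElementTree skips XML comments, so a connector that is still commented
    # out is correctly treated as absent.
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port", "?")
        protocol = conn.get("protocol", "HTTP/1.1")
        if conn.get("scheme") == "https" or conn.get("SSLEnabled") == "true":
            https_seen = True
            for attr in ("keystoreFile", "keystorePass"):
                if conn.get(attr) is None:
                    findings.append((port, "missing " + attr))
            if conn.get("keystorePass") is not None:
                findings.append((port, "keystore password in clear text"))
        elif protocol.startswith("HTTP"):
            findings.append((port, "plain HTTP connector still enabled"))
    if not https_seen:
        findings.append(("-", "no active HTTPS connector"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(port, finding)
```

Because keystorePass sits in server.xml as plain text, read access to that file and to the keystore in the conf directory should be limited to the account that runs JBoss.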
