How to enable httpS on JBoss?

Generate the Certificate:
C:\Java\bin\keytool -genkey -keystore C:\keys\mycertifcate.jks

You will be prompted with following questions.

1. Enter keystore password: 123456
Re-enter new password: 123456
2. What is your first and last name?
[Unknown]: mydomain
3. What is the name of your organizational unit?
[Unknown]: whatever
4. What is the name of your organization?
[Unknown]: whatever
5. What is the name of your City or Locality?
[Unknown]: whatever
6. What is the name of your State or Province?
[Unknown]: NY
7. What is the two-letter country code for this unit?
[Unknown]: US
8. Is CN=mydomain, OU=whatever, O=whatever, L=whatever, ST=NY, C=US correct?
[no]: yes

9. Enter key password for
(RETURN if same as keystore password):

In Step 2 above, where it asks for First/Last Name, you may have to enter the domain name in which you operate. Although i am not sure of this.

Place the Certificate in JBoss conf dir:
Place the mycertificate.jks inside <JBOSS_HOME>\conf\ directory.

Configure the server.xml https connector:
In this file:

Make sure the following lines are as follows (and uncommented):
<Connector port=”8443″ address=”${jboss.bind.address}”
maxThreads=”100″ strategy=”ms” maxHttpHeaderSize=”8192″
scheme=”https” secure=”true” clientAuth=”false”
keystorePass=”123456” sslProtocol = “TLS” />

That’s it! Tested on JBoss 4x.

NOTE: When i tried this in Linux machine, for some reason, if the first step of Certificate generation was done on Linux machine, that certificate would never work. I do not know why. So, in that case i generated it on my win desktop and transferred it to Linux machine and used it.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: