This is how I configured JBoss to handle HTTPS requests for secure ATG applications.
- Create the keystore and private key.
$ cd /opt/jboss/jboss-eap-4.3/jboss-as/server/atg/conf $ keytool -genkey -alias jbosskey -keyalg RSA -keystore server.keystore
- Generate and store the certificate.
$ keytool -export -alias jbosskey -file server.crt -keystore server.keystore $ keytool -import -alias jbosscert -file server.crt -keystore server.keystore
- Enable HTTPS.
$ vi /opt/jboss/jboss-eap-4.3/jboss-as/server/atg/deploy/jboss-web.deployer/server.xml
Uncomment SSL HTTP/1.1 Connector section and edit. For example:
<Connector port="8443" address="${jboss.bind.address}" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="${jboss.server.home.dir}/conf/server.keystore" keystorePass="letmein" /> - Start JBoss with keystore specified. On UNIX you can do this by updating run.conf. For example:
JAVA_OPTS="-Xms128m -Xmx512m -XX:MaxPermSize=128m -Djavax.net.ssl.trustStore=/opt/jboss/jboss-eap-4.3/jboss-as/server/atg/conf/server.keystore -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Dsun.lang.ClassLoader.allowArraySyntax=true"
Note that if you are using service bindings (i.e. uncommented service bindings section of conf/jboss-service.xml) then the bindings in the XML configuration file (e.g. sample-bindings.xml) will take precedence. In this case the secure port becomes 8543.
For further reading please see HOWTO Configure JBoss for HTTPS.