Configuring JBoss for HTTPS

Keys 1 by ~Brenda-Starr~

This is how I configured JBoss to handle HTTPS requests for secure ATG applications.

  1. Create the keystore and private key.
    $ cd /opt/jboss/jboss-eap-4.3/jboss-as/server/atg/conf
    $ keytool -genkey -alias jbosskey -keyalg RSA -keystore server.keystore
  2. Generate and store the certificate.
    $ keytool -export -alias jbosskey -file server.crt -keystore server.keystore
    $ keytool -import -alias jbosscert -file server.crt -keystore server.keystore
  3. Enable HTTPS.
    $ vi /opt/jboss/jboss-eap-4.3/jboss-as/server/atg/deploy/jboss-web.deployer/server.xml

    Uncomment SSL HTTP/1.1 Connector section and edit. For example:

        <Connector port="8443" address="${jboss.bind.address}"
                   protocol="HTTP/1.1" SSLEnabled="true"
                   maxThreads="150" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLS"
                   keystorePass="letmein" />
  4. Start JBoss with keystore specified. On UNIX you can do this by updating run.conf. For example:
    JAVA_OPTS="-Xms128m -Xmx512m -XX:MaxPermSize=128m -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Dsun.lang.ClassLoader.allowArraySyntax=true"

Note that if you are using service bindings (i.e. uncommented service bindings section of conf/jboss-service.xml) then the bindings in the XML configuration file (e.g. sample-bindings.xml) will take precedence. In this case the secure port becomes 8543.

For further reading please see HOWTO Configure JBoss for HTTPS.

Leave a Reply

Your email address will not be published. Required fields are marked *