Atención, las instrucciones se encuentran en idioma inglés, próximamente las tendremos en español.
After you receive the SSL certificate files from your Certificate Authority, you can proceed with the SSL installation.
For this demonstration, we’ll assume that you’re using a Tomcat or Jetty servlet.
Prepare your SSL Certificate files
- Your CA should send you all the files in a ZIP archive to your email. Download the ZIP archive and extract the SSL files. Make sure you have the following files:
- The primary SSL certificate in a x509/.cer/.crt/.pem
- The intermediate SSL Certificate with the .ca-bundle extension
- The Private Key file with .key extension that you’ve generated on the same server along with your CSR code
- Copy the contents of your SSL Certificate including the —–BEGIN CERTIFICATE—– and—–END CERTIFICATE—– tags into a text editor and save the file with .crt
- Do the same with your .ca-bundle file. Copy-paste the code into a single file and save it as .crt.
Install the SSL Certificate on JBoss
Import the SSL Certificate into the keystore by running the following command:
keytool -import -alias your_alias_name -trustcacerts -file ssl_certificate.crt -keystore your_keystore_filename
Note: Please, enter the Alias and Keystore names that you’ve used during the CSR and Private Key generation.
Tomcat
- Locate the server.xml configuration file and open it
- Use the ctrl+F search function and find the “Uncomment this for SSL support” line
- Uncomment the following section and add your server key location
<Connector className="org.apache.tomcat.service.PoolTcpConnector">
<Parameter name="handler"
value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
<Parameter name="port"
value="8443"/>
<Parameter name="socketFactory"
value="org.apache.tomcat.net.SSLSocketFactory" />
<Parameter name="keystore" value="/usr/java/jakarta-tomcat-3.2.2/server.keystore" />
<Parameter name="keypass" value="changeit" />
</Connector> - Copy the JSSE jars to $TOMCAT_HOME/lib directory.
Jetty
- Locate the part in the $JBOSS_JETTY_HOME/conf/jetty/jetty.xml configuration file that should begin with, “Uncomment this to add an SSL listener”
- Uncomment the following part, and insert the location of your server key.
<Call name="addListener">
<Arg>
<New class="com.mortbay.HTTP.SunJsseListener">
<Set name="Port">8443</Set>
<Set name="MinThreads">5</Set>
<Set name="MaxThreads">255</Set>
<Set name="MaxIdleTimeMs">50000</Set>
<Set name="Keystore"><SystemProperty name="jetty.home" default="."/>/etc/server.keystore</Set>
<Set name="Password">changeit</Set>
<Set name="KeyPassword">changeit</Set>
</New>
</Arg>
</Call> - Restart your JBoss server. Congratulations, now you know how to install an SSL Certificate on JBoss.
