How to Install an SSL Certificate on JBOSS?

Configure SSL/TLS in JBoss

Introduction

Want to install an SSL certificate on JBOSS? This article explains how to do it in a few straightforward steps.

Before moving forward, don’t forget to purchase an SSL certificate from a trusted CA.

Configuring SSL for JBoss Application Server

To install an SSL cert on JBOSS there are three steps that need to be performed. Those three steps are:

  1. Create a CSR on the JBOSS server
  2. Prepare the SSL cert files
  3. Import the SSL cert on JBOSS

Step 1: Create a CSR on the JBOSS Server

To create a CSR on the JBOSS server, first create a keystore and private key. A keystore is a repository that stores the private key. Once the keystore has been created, you generate the CSR from it.

Let’s explore how to do these two things in detail:

Create a Keystore & Private Key

Follow the steps mentioned below to create a keystore and private key:

  • Run the keytool -genkey -alias create_Privatkey_Alias -keyalg RSA -keystore path_and_create_KeystoreFilename.jks -keysize 2048 command. (Specify the private key alias and remember it.)
  • Type the password for the keystore.
  • Re-enter the password to confirm it.
  • Fill out the details as per the instructions given below:
  • In the "What is your first and last name?" Common Name (CN) field, type the fully qualified domain name (FQDN) you want to secure.
  • In the "What is the name of your organizational unit?" (OU) field, type the department name.
  • In the "What is the name of your organization?" (O) field, type the full legal name of the organization.
  • In the "What is the name of your city or locality?" (L) field, type the name of the city where the organization is located.
  • In the "What is the name of your state or province?" (ST) field, type the name of the state where the organization is located.
  • In the "What is the two-letter country code for this unit?" (C) field, type the two-letter code of the country where the organization is located.
  • Verify all the details.
  • Type Y.
  • Press Enter.
  • Enter the key password for the Alias.
  • Press Enter.

Generate the CSR from the Keystore

Follow the steps mentioned below to create a CSR from the keystore:

  • Run the keytool -certreq -keyalg RSA -alias your_privatekey_alias -file your_csr_file.csr -keystore your_keystore_filename.jks command.
  • Make a backup of the keystore file.
  • Use a text editor to open the CSR (.csr) file.
  • Copy all its content.
  • Paste all the copied content on the SSL cert order page.
  • After successful validation, the Certificate Authority will send you the SSL cert files at the registered email address.

Step 2: Prepare the SSL Certificate Files

You will receive the SSL cert files through email in the form of a .zip folder. Unzip the folder and extract all its content.

Verify that all these files are there:

  • Primary SSL certificate with any one of these extensions: .cer, .crt, or .pem
  • Intermediate SSL certificate having the .ca-bundle extension
  • Private Key file having the .key extension

Once verified, perform the following steps:

  • Open Notepad.
  • Copy all the content of the primary SSL cert, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- tags.
  • Paste the content into Notepad.
  • Save the file with the .crt extension (for example, Notepad1.crt).
  • Copy all the content of the intermediate SSL cert, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- tags.
  • Paste the content into Notepad1.crt.
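
Copying and pasting certificates by hand is where combined files usually break: an editor replaces the hyphens in the tags with typographic dashes, or the END tag of one certificate ends up on the same line as the BEGIN tag of the next. The following is an added example, not part of the original article, that builds the combined file from Step 2 and checks it before it is imported; the file names are placeholders.

```shell
#!/bin/sh
# Added example (not from the article). File names are placeholders.

# Concatenate the primary certificate, then the intermediate bundle. Strips
# CR characters and guarantees a newline after each file, so the END marker of
# one certificate never fuses with the BEGIN marker of the next.
build_chain() {
    primary=$1 bundle=$2 out=$3
    : > "$out"
    for f in "$primary" "$bundle"; do
        tr -d '\r' < "$f" >> "$out"
        # $(...) strips a trailing newline, so non-empty means none was there.
        [ -z "$(tail -c 1 "$f")" ] || printf '\n' >> "$out"
    done
}

# Returns 0 for a well-formed chain, 1 for a damaged marker line,
# 2 when the BEGIN/END counts differ or fewer than two certificates exist.
check_chain() {
    file=$1
    # Any line mentioning CERTIFICATE that is not an exact marker is damage:
    # typographic dashes, trailing spaces, or END and BEGIN fused on one line.
    if grep 'CERTIFICATE' "$file" | grep -qvx \
        -e '-----BEGIN CERTIFICATE-----' -e '-----END CERTIFICATE-----'; then
        echo "$file: damaged BEGIN/END marker line" >&2
        return 1
    fi
    begins=$(grep -cx -e '-----BEGIN CERTIFICATE-----' "$file" || true)
    ends=$(grep -cx -e '-----END CERTIFICATE-----' "$file" || true)
    if [ "$begins" -ne "$ends" ] || [ "$begins" -lt 2 ]; then
        echo "$file: found $begins BEGIN and $ends END markers" >&2
        return 2
    fi
    return 0
}

# Usage: sh build_chain.sh primary.crt intermediate.ca-bundle combined.crt
if [ "$#" -eq 3 ]; then
    build_chain "$1" "$2" "$3" && check_chain "$3"
fi
```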

Step 3: Import the SSL cert on JBOSS

Follow the steps mentioned below to import SSL cert on JBOSS:

  • Run the keytool -import -alias your_alias_name -trustcacerts -file ssl_certificate.crt -keystore your_keystore_filename command to import the SSL cert into the keystore.
  • Enter the Alias and Keystore names that were utilized while generating CSR & Private Key.

If you are using Tomcat, follow the steps under Case 1. If you are using Jetty, follow the steps under Case 2.

Case 1: Using Tomcat

  • Locate and open the server.xml configuration file.
  • Find the line "Uncomment this for SSL support" by using the find shortcut (Ctrl + F).
  • Uncomment the below sections and add the server key location:
<Connector className="org.apache.tomcat.service.PoolTcpConnector">
<Parameter name="handler" value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
<Parameter name="port" value="8443"/>
<Parameter name="socketFactory" value="org.apache.tomcat.net.SSLSocketFactory" />
<!-- keystore: path to the keystore that holds the imported certificate -->
<Parameter name="keystore" value="/usr/java/jakarta-tomcat-3.2.2/server.keystore" />
<!-- keypass: the keystore password; replace the default "changeit" with your own -->
<Parameter name="keypass" value="changeit" />
</Connector>
  • Copy the JSSE jars.
  • Paste it to the $TOMCAT_HOME/lib directory.

Case 2: Using Jetty

  • In the $JBOSS_JETTY_HOME/conf/jetty/jetty.xml configuration file, find the section that starts with "Uncomment this to add an SSL listener".
  • Uncomment the section below and add the location of the server key:
<Call name="addListener">
<Arg>
<New class="com.mortbay.HTTP.SunJsseListener">
<Set name="Port">8443</Set>
<Set name="MinThreads">5</Set>
<Set name="MaxThreads">255</Set>
<Set name="MaxIdleTimeMs">50000</Set>
<Set name="Keystore"><SystemProperty name="jetty.home" default="."/>/etc/server.keystore</Set>
<Set name="Password">changeit</Set>
<Set name="KeyPassword">changeit</Set>
</New>
</Arg>
</Call>
  • Restart the JBoss server.

Kudos! You have successfully installed the SSL certificate on the JBOSS server.

Test the Installation Status 

To test the installation of the SSL cert on the JBOSS server, use any of the SSL installation testing tools.

These tools provide a detailed and in-depth analysis of the SSL installation and provide a thorough report.