Using SSL With JBOSS

(1) Generate the keystore using the following command. You will need to enter kestore password, personal information and key password during this step.
keytool -genkey -alias myserver -keyalg RSA -keystore C:\dev\keystore\myserver.keystore

(2) Make sure the the keystore is generated successfully by using the following command.
keytool -list -v -keystore C:\dev\keystore\myserver.keystore

(3) Copy the myserver.keystore file to <<JBOSS_PATH>>\server\default\conf folder.

(4) Add/Uncomment the below Connector tag to <<JBOSS_PATH>>\server\default\deploy\jboss-web.deployer\server.xml file. The keystorePass in this tag reflects the same password used in step (1).

<Connector port=”443″ address=”${jboss.bind.address}” protocol=”HTTP/1.1″ SSLEnabled=”true”
maxThreads=”150″ scheme=”https” secure=”true” clientAuth=”false” sslProtocol=”TLS”
keystoreFile=”${jboss.server.home.dir}/conf/myserver.keystore” keystorePass=”mypassword” />

(5) Start/Restart JBOSS and try the below URL. You should be able to see the usual JBOSS Admin console page.

SSL for Rich Client Applications connecting to SSL-enabled JBOSS

(a) Geneate the jssecacerts file by running the below two (2) commands.
keytool -export -alias myserver -keystore C:\dev\keystore\myserver.keystore -file C:\dev\keystore\myserver.cer
keytool -import -alias myserver -file C:\dev\keystore\myserver.cer -keystore C:\dev\keystore\jssecacerts

(b) Copy the jssecacerts to client JRE’s lib\security folder.

(c) Make sure the client application executes the below code before it makes a remote call to JBOSS.

* Handler to verify host names during the negotiation phase of SSL connections.
private void verifyHostNameDuringSslNegotiation() {
  try {
      new HostnameVerifier() {
        public boolean verify(String hostbname, SSLSession sess)
		       return true;
  } catch (Exception e) {
	   // IGNORE

You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

AddThis Social Bookmark Button

Similar Posts

Comments are closed.