Friday, 5 April 2013

Jboss Tomcat Https Configuration


This post shows how to enable an HTTPS configuration using a self-signed certificate on a JBoss application server.
There are a few common steps we can use to configure HTTPS on a Tomcat server.
  • Prerequisite
    • The instructions assume that the JDK and JBoss installations completed without any error.
  • Generating the keystore, private key and certificate using keytool
    • Creating the keystore and private key
1. Open a command-line or terminal window and go to %JBOSS_HOME%/server/default/conf.
2. Execute "keytool -genkey -alias jbosskey -keypass changeit -keyalg RSA -keystore server.keystore".
   (Use the host name as the first and last name.)
3. server.keystore is generated.
4. Execute "keytool -list -keystore server.keystore".


    • Generating and storing the certificate
   1. Execute "keytool -export -alias jbosskey -keypass changeit -file server.crt -keystore server.keystore".
   2. server.crt is generated.
   3. Execute "keytool -import -alias jbosscert -keypass changeit -file server.crt -keystore server.keystore".
   4. Execute "keytool -list -keystore server.keystore". The user will see a trustedCertEntry named jbosscert in the listing.

  • JBoss Configuration
    • JVM parameters
Edit the %JBOSS_HOME%/bin/run.bat file and add the following JVM arguments to the server's "JAVA_OPTS":

"-Djavax.net.debug=SSL
-Djavax.net.ssl.trustStore=%JBOSS_HOME%\server\default\conf\server.keystore
-Djavax.net.ssl.keyStorePassword=changeit"

  • JBoss Web Configuration

1. Edit %JBOSS_HOME%\server\default\deploy\jboss-web.deployer\server.xml and add the following "<Connector>". In the case of Tomcat we configure the same in %TOMCAT_HOME%\server\conf\server.xml.
    • Basic configuration
<Connector port="8443" 
      minSpareThreads="5" maxSpareThreads="75"
      enableLookups="true" disableUploadTimeout="true" 
      acceptCount="100"  maxThreads="200"
      scheme="https" secure="true" SSLEnabled="true"
      keystoreFile="/conf/server.keystore" keystorePass="changeit"
      clientAuth="false" sslProtocol="TLS"/>
    • With the protocol parameter
<Connector
           protocol="org.apache.coyote.http11.Http11Protocol"
           port="8443" minSpareThreads="5" maxSpareThreads="75"
           enableLookups="true" disableUploadTimeout="true" 
           acceptCount="100"  maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="conf/server.keystore" keystorePass="changeit"
           clientAuth="false" sslProtocol="TLS"/>
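As an added check (example code, not part of the original post), the Python script below parses the <Connector> elements of a server.xml the way a reviewer would and flags the settings that most often go wrong in a setup like this one: scheme/secure disagreeing with SSLEnabled, a missing keystoreFile, the keytool default password "changeit" left in place, and a non-TLS sslProtocol. The embedded server.xml is constructed from the post's two connectors (the second moved to port 8444 so both can coexist) plus a deliberately broken third connector.

```python
"""Audit Tomcat/JBoss Web <Connector> elements for a sane HTTPS setup."""
import xml.etree.ElementTree as ET

# Constructed sample input: the two connectors from the post (second one moved
# to port 8444 so both can coexist) plus one deliberately misconfigured one.
SAMPLE_SERVER_XML = """<Server><Service name="jboss.web">
  <Connector port="8443" acceptCount="100" maxThreads="200"
      scheme="https" secure="true" SSLEnabled="true"
      keystoreFile="/conf/server.keystore" keystorePass="changeit"
      clientAuth="false" sslProtocol="TLS"/>
  <Connector protocol="org.apache.coyote.http11.Http11Protocol" port="8444"
      scheme="https" secure="true" SSLEnabled="true"
      keystoreFile="conf/server.keystore" keystorePass="changeit"
      clientAuth="false" sslProtocol="TLS"/>
  <Connector port="8445" SSLEnabled="true" scheme="http" secure="false"
      keystorePass="changeit" sslProtocol="SSLv3"/>
</Service></Server>"""


def audit_connector(conn):
    """Return the problems found on one SSL-enabled <Connector> (empty = OK)."""
    a = conn.attrib
    problems = []
    # scheme/secure are what the servlet API reports to the application; if
    # they disagree with SSLEnabled, isSecure() and redirects are wrong.
    if a.get("scheme") != "https":
        problems.append("scheme should be https")
    if a.get("secure", "false").lower() != "true":
        problems.append("secure should be true")
    if "keystoreFile" not in a:
        problems.append("keystoreFile missing (Tomcat falls back to ~/.keystore)")
    if a.get("keystorePass") == "changeit":
        problems.append("keystorePass is the keytool default 'changeit'")
    proto = a.get("sslProtocol", "TLS")
    if not proto.upper().startswith("TLS"):
        problems.append(f"sslProtocol={proto} permits a legacy SSL protocol")
    return problems


def audit_server_xml(xml_text):
    """Map each SSL-enabled connector's port to its list of problems."""
    root = ET.fromstring(xml_text)
    return {c.get("port"): audit_connector(c) for c in root.iter("Connector")
            if c.get("SSLEnabled", "false").lower() == "true"}


if __name__ == "__main__":
    for port, problems in audit_server_xml(SAMPLE_SERVER_XML).items():
        print(f"port {port}: {'; '.join(problems) or 'OK'}")
```

Run it against a real server.xml by replacing SAMPLE_SERVER_XML with the file's contents; both connectors from the post are reported only for the default keystore password.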
2. Go to %JBOSS_HOME%\bin and start the JBoss server with the JVM arguments configured above. The JBoss server starts without any error. The following message will appear in the console log because we set "-Djavax.net.debug=SSL".

In the JBoss console log pictured above, the user can notice that JBoss now serves HTTPS on port 8443 using server.keystore and server.crt.

  • Post-configuration testing
Now open https://localhost:8443

    "This Connection is Untrusted" 

The above message will appear.


  • Steps to add the certificate

1. Start -> Control Panel -> Internet Options.
2. Switch to the Content tab.
3. Click Certificates.
4. Select Trusted Root Certification Authorities.
5. Click Import. The Certificate Import Wizard window will appear.
6. Click Next. The File to Import window is visible now; choose %JBOSS_HOME%\bin\server.crt and click Next.
7. The Certificate Store window is visible now. Choose the store in which the certificate needs to be stored and click Next.

Now open https://localhost:8443 again.

We will be able to see the SSL handshake log in our server console log.


