Configuring JBoss SSL

1. 用keytool生成server.keystore文件
keytool -genkey -alias tc-ssl -keyalg RSA -keystore c:\server.keystore -validity 3650

生成完后放入server\default\conf中

 

2. 配置server\default\deploy\jbossweb-tomcat55.sar\server.xml文件
     <!-- SSL/TLS Connector configuration using the admin devl guide keystore -->
      <Connector port="8443" address="${jboss.bind.address}"
           maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
           emptySessionPath="true"
           scheme="https" secure="true" clientAuth="false"
           keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
           keystorePass="als123" sslProtocol = "TLS" />
           
3. 访问https://localhost:8443/jmx-console/index.jsp，可以了。
   同时http://localhost:8080/jmx-console/index.jsp也可以访问，如果将http转向到https: 修改WEB应用的web.xml
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>HtmlAdaptor</web-resource-name>
            <description>An example security config</description>
            <url-pattern>/</url-pattern>
            <!-- <http-method>GET</http-method>
           <http-method>POST</http-method> -->
        </web-resource-collection>
        <!--<auth-constraint>
       <role-name>JBossAdmin</role-name>
       </auth-constraint> -->
        <user-data-constraint>
            <description>Protection should be CONFIDENTIAL</description>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

 

4.Installing an SSL Certificate

    We purchased an SSL Certificate from Verisign.
The company offers excellent documentations and instructions on how to install the certificate on their website. Once you purcahse the certificate Verisign we email the you the certificate only after you go through the process of getting all the information they require to verify the web server and wesite.
Below I included a screenshot of the installation process. It is a simply as using one of the java apache tools to install the certificate in the keystore file.