Enabling SSL on JBoss AS
If you want to secure the connections between the server and remote clients, you can enable SSL on JBoss AS. On JBoss AS 6.1.0, perform the following steps:
1.- The Java Development Kit includes a command to create certificates, keytool, but first you must generate a new key pair. From a command line enter:
keytool -genkey -alias isomorphic -keyalg RSA -keystore <PATH_KEYSTORE>/isomorphic.keystore -validity 180
And fill in the required information as explained below.
alias: the name of our new key.
<PATH_KEYSTORE>: The path to the key store location. Note: If it does not exist, one will be created.
isomorphic.keystore: This is the name of the key store. If one doesn't exist, you can use any name, but make sure it has an extension of ".keystore". This is our new key store.
Note: If you do not provide a destination path (<PATH_KEYSTORE>) and a name, the key store is named .keystore by default and is generated in the user's home directory.
2.- Move the new isomorphic.keystore file to <JBOSS_HOME>/server/default/conf/
3.- Now you have to generate a new self-signed certificate or you can buy one from an authorized provider.
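To generate the self-signed certificate file, from the command line enter (keytool exports the self-signed certificate that was created together with the key pair in step 1):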
keytool -export -alias isomorphic -file <PATH_DESTINATION>/isomorphic.cer -keystore <PATH_KEYSTORE>/isomorphic.keystore
where:
<PATH_DESTINATION>: Path to where the new certificate should be generated
<PATH_KEYSTORE>: Path to the key store.
4.- Now import the certificate into the trust store. From the command line enter:
keytool -import -alias isomorphic -file <PATH_CERTIFICATE>/isomorphic.cer -keystore <PATH_DESTINATION>/isomorphic.truststore
where:
<PATH_CERTIFICATE>: Path to the new certificate.
<PATH_DESTINATION>: Path to where the new trust store file should be generated
5.- Now, update the server.xml configuration file located in <JBOSS_HOME>/server/default/deploy/jbossweb.sar/
Locate the following: <!-- SSL/TLS Connector……
Uncomment the code and amend the configuration so that it looks like this (keystorePass must be the key store password you entered in step 1):
<Connector protocol="HTTP/1.1" SSLEnabled="true"
           port="443" address="${jboss.bind.address}"
           maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
           emptySessionPath="true"
           scheme="https" secure="true" clientAuth="false"
           keystoreFile="${jboss.server.home.dir}/conf/isomorphic.keystore"
           keystorePass="isomorphic" sslProtocol="TLS" />
Finally, restart the server.
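
An added example (not part of the original guide or of JBoss): a small Python check that parses the server.xml from step 5 and reports an SSL connector that is still commented out, lacks the HTTPS attributes, or uses a key store password that matches the key store name, as the sample value above does. The sample XML is constructed, and the function name and the list of common passwords are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Assumption of this example: passwords treated as guessable.
COMMON_PASSWORDS = {"changeit", "password", "secret"}

# Constructed sample: the Connector from step 5 inside a minimal <Server>.
SAMPLE_SERVER_XML = """<Server><Service name="jboss.web">
  <Connector protocol="HTTP/1.1" SSLEnabled="true" port="443"
             address="${jboss.bind.address}" scheme="https" secure="true"
             clientAuth="false"
             keystoreFile="${jboss.server.home.dir}/conf/isomorphic.keystore"
             keystorePass="isomorphic" sslProtocol="TLS" />
</Service></Server>"""


def audit_connectors(server_xml):
    """Return a list of findings for the SSL connectors in server.xml."""
    root = ET.fromstring(server_xml)  # XML comments are discarded by the parser
    ssl_connectors = [c for c in root.iter("Connector")
                      if c.get("SSLEnabled", "").lower() == "true"]
    if not ssl_connectors:
        # Typical cause: the SSL/TLS Connector block was never uncommented.
        return ["no SSL-enabled Connector found (still commented out?)"]
    findings = []
    for conn in ssl_connectors:
        port = conn.get("port", "?")
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append(f"port {port}: scheme/secure are not set for HTTPS")
        store = conn.get("keystoreFile", "")
        if not store:
            findings.append(f"port {port}: keystoreFile is not set")
        # File name without directory or extension, e.g. "isomorphic".
        stem = store.replace("\\", "/").rsplit("/", 1)[-1].split(".")[0].lower()
        password = conn.get("keystorePass")
        if password is None:
            findings.append(f"port {port}: keystorePass is not set")
        elif password.lower() in COMMON_PASSWORDS or password.lower() == stem:
            findings.append(f"port {port}: keystorePass is guessable")
    return findings


if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
```

Because keystorePass is stored in clear text in server.xml, a password that passes this check still depends on the file's permissions for its protection.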