There are a few web pages that describe configuring Secure Socket Layer (SSL) for JBoss, but most gloss over some of the details.
Deep inside the guts of JBoss is an instance of another server called Tomcat, and when it comes to using SSL and HTTPS, JBoss delegates all the implementation stuff to that bundled Tomcat installation. As a result, some of the instructions for implementing SSL come directly from Tomcat documentation. For example, I used this document to start figuring out how to enable SSL.
Before starting, there are two things to ascertain:
For the purposes of this write-up, we will describe setting up JBoss to use a temporary, self-signed SSL Certificate. Also, we'll assume that you're installing under Windows.
There are essentially three steps:
The Java Developer's Kit includes a utility to create certificates. Go to a command line and type the following:
keytool -genkey -alias tomcat -keyalg RSA
There are some prompts that look like this:
Notice that there are two prompts for the password. That's because there's one password for the keystore, and one password for the actual key.
One of the things that the tool isn't very good about is telling you where it created that keystore. By default, the keygen tool puts information in the "Documents and Settings" directory for your userid. In the example, above, we'd find that they keystore has been created as a file called:
C:\Documents and Settings\mcgradyt\.keystore
C:\Program Files\jboss-4.0.3\server\default\conf
First up, you should probably shut down the JBoss server as you do this step.
In the JBoss directory, there should be a file called server.xml:
C:\Program Files\jboss-4.0.3\server\default\deploy\jbossweb-tomcat55.sar\server.xml
<!-- SSL/TLS Connector configuration using the admin devl guide keystore <Connector port="8443" address="${jboss.bind.address}" maxThreads="100" strategy="ms" maxHttpHeaderSize="8192" emptySessionPath="true" scheme="https" secure="true" clientAuth="false" keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore" keystorePass="rmi+ssl" sslProtocol = "TLS" /> -->
The end result should look something like this:
<!-- SSL/TLS Connector configuration using the admin devl guide keystore --> <Connector port="443" address="${jboss.bind.address}" maxThreads="100" strategy="ms" maxHttpHeaderSize="8192" emptySessionPath="true" scheme="https" secure="true" clientAuth="false" keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore" keystorePass="changeit" sslProtocol = "TLS" /> <!-- -->