How to SSLize User Application on JBoss using eDirectory's Certificate Authority for Linux

over 9 years ago

Here's what you need to do:

  1. Export the eDirectory CA's Self-Signed Certificate as Base64 to ca.b64 using iManager
  2. openssl genrsa -des3 -out certificate-key.pem 4096
  3. openssl req -new -key certificate-key.pem -out certificate-req.pem (set the Common Name to the name of your JBoss server, eg:, and leave the Email field blank).
  4. Issue a TLS/SSL server certificate from certificate-req.pem through iManager and save it in DER format as certificate.der.
  5. openssl x509 -inform DER -outform PEM -in certificate.der -out certificate.pem
  6. openssl pkcs12 -export -in certificate.pem -inkey certificate-key.pem -certfile ca.b64 -out certificate.pfx -name ""
  7. Create the CA keystore for JBoss providing a keystore password: keytool -import -trustcacerts -alias root -file ca.b64 -keystore ca.jks
  8. Grab org.mortbay.jetty.jar and run the following providing a keystore password: java -classpath org.mortbay.jetty.jar org.mortbay.util.PKCS12Import certificate.pfx cert.jks
  9. Copy both .jks files to {path_to_userapp}/jboss/server/IDMProv/conf/
  10. Edit {path_to_userapp}/jboss/server/IDMProv/deploy/jbossweb.sar/server.xml, adding the following after the <Connector port="8080"... entry and entering the pass phrases entered in step 8 (User App from IDM 4 onwards increased the HTTP and HTTPS ports by 100, so the port will be 8543):
      <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" address="${jboss.bind.address}" maxThreads="100" strategy="ms" maxHttpHeaderSize="8192" emptySessionPath="true" scheme="https" secure="true" clientAuth="false" keystoreFile="${jboss.server.home.dir}/conf/cert.jks" keystorePass="xxxxxxxx" trustStoreFile="${jboss.server.home.dir}/conf/ca.jks" trustStorePass="xxxxxxxx" sslProtocol="TLS" />
  11. Start User App
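
Before building certificate.pfx in step 6, it is worth confirming that the certificate iManager issued really belongs to certificate-key.pem and chains to the exported CA certificate. The script below is an added example, not part of the original article; the function names are hypothetical, and the throwaway CA and jboss.example.test certificate it generates are constructed stand-ins for the eDirectory CA and its output.

```shell
#!/bin/sh
# Added example: pre-flight checks on the files produced by steps 1-5.
# File names follow the article; the helper functions are hypothetical.

# True if the certificate carries the public key of the given private key.
# A passphrase-protected key (step 2 uses -des3) makes openssl prompt for it.
key_matches_cert() {  # $1 = private key (PEM), $2 = certificate (PEM)
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True if the certificate verifies against the exported CA certificate.
chains_to_ca() {  # $1 = certificate (PEM), $2 = CA certificate (PEM)
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Returns 0 if both checks pass, 1 on a key mismatch, 2 on a broken chain.
preflight() {  # $1 = key, $2 = certificate, $3 = CA certificate
    key_matches_cert "$1" "$2" || { echo "FAIL: $2 was not issued for $1"; return 1; }
    chains_to_ca "$2" "$3" || { echo "FAIL: $2 does not chain to $3"; return 2; }
    echo "OK: $2 matches $1 and chains to $3"
}

# Constructed sample data: a throwaway CA standing in for the eDirectory CA,
# a server certificate it signed, an unrelated key and a self-signed cert.
make_samples() {
    d=$(mktemp -d) || return 1
    {
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Constructed Test CA" -keyout "$d/ca.key" -out "$d/ca.b64" &&
        openssl genrsa -out "$d/certificate-key.pem" 2048 &&
        openssl req -new -key "$d/certificate-key.pem" \
            -subj "/CN=jboss.example.test" -out "$d/certificate-req.pem" &&
        openssl x509 -req -in "$d/certificate-req.pem" -CA "$d/ca.b64" \
            -CAkey "$d/ca.key" -CAcreateserial -days 1 -out "$d/certificate.pem" &&
        openssl genrsa -out "$d/other-key.pem" 2048 &&
        openssl req -x509 -new -key "$d/other-key.pem" -days 1 \
            -subj "/CN=jboss.example.test" -out "$d/selfsigned.pem"
    } >/dev/null 2>&1 || return 1
    echo "$d"
}

# Usage: sh preflight.sh certificate-key.pem certificate.pem ca.b64
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

A key mismatch here usually means the request was regenerated after the certificate was issued; a chain failure usually means ca.b64 is not the CA that signed the certificate.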

You should now consider following some of the steps outlined in my other article, Securing JBoss with User Application.

