JBoss Server SSL Certificate Installation Guide

Source: Internet
Author: User
Tags jboss jboss server ssl certificate

1. Get the server certificate

Copy the server certificate from the certificate issuance message, from beginning to end and including the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines, into a text editor such as Notepad. Change the file name extension and save the file as server.cer.

2. Get the CA certificate

Copy each of the two CA certificates from the certificate issuance message, from beginning to end and including the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines, into a text editor such as Notepad. Change the file name extension and save them as ca1.cer and ca2.cer respectively.

3. View the contents of the KeyStore file

Go to the bin directory under the JDK installation directory and run the keytool command to query the keystore file information.

keytool -list -keystore D:\keystore.jks -storepass password


In the output, the entry whose type is PrivateKeyEntry (or keyEntry) is the private key; its alias here is server. Remember this alias, because you will need it when you import the server certificate later (the bold parts of the examples are customizable and can be changed to match your actual configuration).

Note that when you import a certificate, you must use the keystore.jks file that was generated when you created the certificate request file. If that keystore.jks file is missing, or a new keystore.jks file has been generated, your server certificate will not import correctly.

4. Import the certificate (if there is only one CA certificate, you only need to import a single CA certificate)

Import the first intermediate CA certificate

keytool -import -alias ca1 -keystore D:\keystore.jks -trustcacerts -storepass password -file D:\ca1.cer -noprompt

Import the second intermediate CA certificate

keytool -import -alias ca2 -keystore D:\keystore.jks -trustcacerts -storepass password -file D:\ca2.cer -noprompt


Import the server certificate

keytool -import -alias server -keystore D:\keystore.jks -trustcacerts -storepass password -keypass password -file D:\server.cer


When you import the server certificate, its alias must be the same as the private key alias. Note that after importing the intermediate CA certificates, if you import the server certificate under an alias that differs from the private key alias, keytool reports "Certificate was added to keystore" instead of "Certificate reply was installed in keystore".

When the certificate import is complete, run the keytool command to view the contents of the keystore file again.

keytool -list -keystore D:\keystore.jks -storepass password
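
A check for the alias mismatch described above, as an added example that is not part of the original guide: it parses the text printed by keytool -list -v (the verbose form of the listing command) and reports when the private key entry still holds its self-signed certificate or the server certificate sits under another alias as a trusted certificate. The sample listing, the alias server2 and the function names are constructed for illustration.

```python
import re

# Constructed, abridged `keytool -list -v` output: the server certificate was
# imported under alias "server2" instead of the private key alias "server".
SAMPLE_WRONG_ALIAS = """\
Alias name: ca1
Entry type: trustedCertEntry
Owner: CN=Example Intermediate CA
Issuer: CN=Example Root CA
Alias name: server
Entry type: PrivateKeyEntry
Certificate chain length: 1
Owner: CN=www.example.com
Issuer: CN=www.example.com
Alias name: server2
Entry type: trustedCertEntry
Owner: CN=www.example.com
Issuer: CN=Example Intermediate CA
"""

def parse_entries(listing):
    """Return {alias: {"type", "chain_len", "owner", "issuer"}} from -list -v text."""
    entries, cur = {}, {}  # lines before the first alias go to a throwaway dict
    for line in listing.splitlines():
        line = line.strip()
        if m := re.match(r"Alias name: (.+)", line):
            cur = entries.setdefault(m.group(1), {"chain_len": 0})
        elif m := re.match(r"Entry type: (\S+)", line):
            cur["type"] = m.group(1)
        elif m := re.match(r"Certificate chain length: (\d+)", line):
            cur["chain_len"] = int(m.group(1))
        elif m := re.match(r"(Owner|Issuer): (.+)", line):
            cur.setdefault(m.group(1).lower(), m.group(2))  # keep the leaf (first) cert
    return entries

def check_server_entry(listing, alias="server"):
    """Return a list of problems with the private key entry (empty list = ready)."""
    entries = parse_entries(listing)
    e = entries.get(alias)
    if e is None or e.get("type") != "PrivateKeyEntry":
        return [f"alias {alias!r} is not a PrivateKeyEntry"]
    problems = []
    if e.get("owner") == e.get("issuer") or e["chain_len"] < 2:
        problems.append("certificate reply not installed: leaf self-signed or chain length 1")
    strays = [a for a, x in entries.items() if a != alias
              and x.get("type") == "trustedCertEntry" and x.get("owner") == e.get("owner")]
    if strays:
        problems.append(f"server certificate stored as trusted cert under {strays}")
    return problems
```

Feed it the output of keytool -list -v -keystore D:\keystore.jks; if -storepass is left off, keytool prompts for the password instead of taking it from the command line.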


III. Install the server certificate

1. Configure JBoss

Open the server.xml file in the server\default\deploy\jbossweb.sar directory under the JBoss installation directory, then locate and modify the following:

<!-- SSL/TLS Connector configuration using the admin devl guide keystore
<Connector protocol="HTTP/1.1" SSLEnabled="true"
    port="8443" address="${jboss.bind.address}"
    scheme="https" secure="true" clientAuth="false"
    keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
    keystorePass="rmi+ssl" sslProtocol="TLS"/>
SSL access port
-->

Change it to:

<Connector protocol="HTTP/1.1" SSLEnabled="true"
    port="443" address="${jboss.bind.address}"
    scheme="https" secure="true" clientAuth="false"
    keystoreFile="C:\keystore.jks"
    keystorePass="password" sslProtocol="TLS"/>

The default SSL access port number is 443. If you use a different port number, you need to use https://yourdomain:port to access your site.

2. Access test: restart Tomcat, then visit https://yourdomain:port to test the certificate installation.

IV. Backup and recovery of server certificates

After you have successfully installed and configured the server certificate, be sure to back it up according to the following procedure, so that losing the certificate does not cause you trouble.

1. Backup of the server certificate

Backing up the server certificate keystore file, keystore.jks, completes the backup of the server certificate.

2. Recovery of server certificates

Following the server certificate installation section above, restore the keystore.jks file to your server and modify the configuration file so that the server certificate is in use again.

