Enabling SSL on JBoss Application Server

Enable and verify SSL on JBoss Application Server.

Procedure

  1. Generate Key
    1. On the command line, type $JBOSS_HOME/standalone/configuration.
    2. Enter the following command: 
    • keytool -genkey -alias jboss7 -keyalg RSA -keystore server.keystore -validity 10950
      Note: Where,
      • the value of -alias refers an alias for the JBoss 7 Application Server name.
      • the value of -keystore refers to the filename where the generated key is saved.
      • the value of -validity refers to the validity of the certificate. Specify the value in days. For example, if the certificate is valid for 30 years, specify 10950.

        You can modify the values as per your requirement.

    1. Press Enter. The command prompts to enter the password.
    2. Enter the password.
    3. Re-enter the new password. The command displays a list of questions related to your organization.
    4. Type an answer for each question.
    5. Enter the password.
    6. Re-enter the new password.

      A server.keystore file is generated in the $JBOSS_HOME/standalone/configuration directory.

  2. Add HTTPS Connector
    1. Go to $JBOSS_HOME/standalone/configuration directory and open the standalone.xml file.
    2. Under <subsystem xmlns="urn:jboss:domain:web:1.1" native="false" default-virtual-server="default-host"> element, add the following details: 
      <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enabled="true" secure="true"/>
    3. Save the updated standalone.xml file.
  3. Specify SSL Parameters
    1. Go to $JBOSS_HOME/standalone/configuration directory and open the standalone.xml file.
    2. Specify the following SSL parameter inside the https connector parameter. 
      <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true" enabled="true">
     <ssl name="jboss7_ssl" key-alias="jboss71" password="Tibco321" certificate-key-file="../standalone/configuration/server.keystore" protocol="TLSv1"/>
</connector>
    3. Save the updated standalone.xml file.
  4. Verify SSL Configuration

    For https protocol, JBoss uses 8443 port.

    1. Type the following TIBCO MDM URL into your browser: 
      https://IPaddress:8443/eml/Login

      If the TIBCO MDM Login screen is displayed, an SSL is successfully configured.

      Note: If the TIBCO MDM Login screen is not displayed, perform the following steps:
      • For Internet Explorer,
        1. Click Tools > Internet Options. The Internet Options window is displayed.
        2. Click the Advanced tab.
        3. Under Security, verify whether Use SSL versionnumber and Use TLS versionnumber check boxes are checked.
      • For Mozilla Firefox,
        1. Click Firefox > Options > Options. The Options window is displayed.
        2. Click the Advanced tab.
        3. Click the Encryption tab.
        4. Under Protocols, verify whether Use SSL versionnumber and Use TLS versionnumber check boxes are checked.