Let's generate a new private key and Certificate Signing Request (CSR), the only two things needed, provided you have Certificate Authority (CA) to provide you a SSL certificate.
Seemingly It's all about Trust, An Illusion of Mind. Wise Old Sayings, Once lost, It's gone! :)
Let's try to build it up.
Generate a new private key and CSR:
Seemingly It's all about Trust, An Illusion of Mind. Wise Old Sayings, Once lost, It's gone! :)
Let's try to build it up.
Generate a new private key and CSR:
openssl req -out myCsr.csr -new -newkey rsa:2048 -nodes -keyout myPrivateKey.key
myCsr.csr, myPrivateKey.key are the names of files it's gonna generate. You may replace it with any names you wanna.
Submit myCsr.csr file to the Certificate Authority (CA) to provide you a SSL certificate.
Certificate Authority (CA) will respond you back with three files are as:
1) Signed certificate (obviously that's what you have asked for by submitting them A Certificate Signing Request). Let's name it as ssl.cer
2) RootCA.cer
3) Intermediate.cer
JBoss currently operates only on JKS, PKCS11 or PKCS12 format keystores. Let's make a JKS (Java KeyStore), what say?
openssl pkcs12 -export -name ssl -in ssl.cer -inkey myPrivateKey.key -out keystore.p12 -certfile Intermediate.cer -CAfile RootCA.cer
keytool -importkeystore -destkeystore mksj.jks -srckeystore keystore.p12 -srcstoretype pkcs12 -alias ssl
Copy mksj.jks to JBoss configuration folder.
Open standalone.xml and add https connector there as:
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true"><ssl name="ssl" password="123456" certificate-key-file="/home/jboss/standalone/configuration/mksj.jks"/>
</connector>
Add socket binding in standalone.xml as:
<socket-binding name="https" port="443"/>
Now browse your site with seemingly https protocol!
=>That's all !! ;)