domenica 18 marzo 2012

A full sample about configuring https over jboss 4.2.x with java keytool

 See also this post about  java-keystore-entries

Step 1 create your server certificate
# keytool -genkey -keyalg RSA -keysize 1024 -keystore <mykeystorename.jks> -storepass <mykeystorepassword> -storetype JKS -dname "CN=hostname,OU=myOU,O=Company,C=IT"   -alias <myalias>

Step 2 estract certificate signigning request for CA
# keytool -certreq -keystore <mykeystorename.jks>  -alias <myalias>  -file <mycertsignrequest.csr> -storepass <mykeystorepassword>

Step 3 CA returns signed cert (es. signedcert.cer) and its certificate ( es.  CAcert.cer) - Note that file extension doensn't matter.

Step 4  Remove header section (if any) from signedcert.cer
# grep -A 200 -i 'begin certificate' signedcert.cer > signedcert.pem 

STEP 5  Import signed cer and CA cert in keystore (exactly the same used in step 1) ; import CA cert first !!!

# keytool -import -alias <rootca> -file <CAcert.cer> -keystore <mykeystorename.jks>
 Trust this certificate? [no]:  yes

(use exactly same alias as before otherwise your certificate will be not signed from CA)
keytool -import -keystore -keystore <mykeystorename.jks>  -alias <myalias>  -file <signedcert.pem >

-Step 1 edit  server.xml under your  <JBOSS_HOME>/server/default/deploy/jboss-web.deployer/
   <Connector port="8443"   address="${jboss.bind.address}" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150"  scheme="https"  secure="true"
  clientAuth="false"     sslProtocol="TLS" keystoreFile="/usr/local/pathconf/jboss-4.2.3GA/server/default/conf/ssl/snodo-conf.jks"        keystorePass="keystorepass"/>
Also    ou can choose also what PrivatekeyEntries to use adding parameter  keyAlias="myalias" otherwise java choose the first in your keystore

Step 2 edit run.conf under <JBOSS_HOME>/bin/
add row

Nessun commento:

Posta un commento