See also this post about java-keystore-entries
Step 1 create your server certificate
# keytool -genkey -keyalg RSA -keysize 1024 -keystore <mykeystorename.jks> -storepass <mykeystorepassword> -storetype JKS -dname "CN=hostname,OU=myOU,O=Company,C=IT" -alias <myalias>
Step 2 extract certificate signing request for CA
# keytool -certreq -keystore <mykeystorename.jks> -alias <myalias> -file <mycertsignrequest.csr> -storepass <mykeystorepassword>
Step 3 CA returns the signed cert (e.g. signedcert.cer) and its own certificate (e.g. CAcert.cer) - Note that the file extension doesn't matter.
Step 4 Remove header section (if any) from signedcert.cer
# grep -A 200 -i 'begin certificate' signedcert.cer > signedcert.pem
Step 5 Import the signed cert and the CA cert into the keystore (exactly the same one used in step 1); import the CA cert first!
# keytool -import -alias <rootca> -file <CAcert.cer> -keystore <mykeystorename.jks>
Trust this certificate? [no]: yes
(use exactly the same alias as before, otherwise your certificate will not be signed by the CA)
# keytool -import -keystore <mykeystorename.jks> -alias <myalias> -file <signedcert.pem>
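A check to run after step 5, added here as an example and not part of the original post: it reads keytool -list -v output and confirms that <myalias> is a PrivateKeyEntry whose chain holds the signed cert plus the CA cert. The function name check_keystore_alias and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reads `keytool -list -v` output on
# stdin and succeeds only if alias $1 is a PrivateKeyEntry with a chain of at
# least two certificates (the signed cert plus the CA cert).
check_keystore_alias() {
    awk -v want="$1" '
        /^Alias name: /               { alias = substr($0, 13) }
        /^Entry type: /               { etype[alias] = substr($0, 13) }
        /^Certificate chain length: / { clen[alias] = substr($0, 27) + 0 }
        END {
            if (!(want in etype)) { print "MISSING: no alias " want; exit 2 }
            if (etype[want] != "PrivateKeyEntry") { print "WRONG TYPE: " etype[want]; exit 3 }
            if (clen[want] < 2) { print "NOT SIGNED: chain length " clen[want]; exit 4 }
            print "OK: " want " has chain length " clen[want]
        }'
}

# Constructed listing: CA imported first, signed cert imported under the key's alias.
good_listing() {
    cat <<'EOF'
Alias name: rootca
Entry type: trustedCertEntry

Alias name: myalias
Entry type: PrivateKeyEntry
Certificate chain length: 2
EOF
}

# Constructed listing: signed cert imported under a different alias, so the key
# entry still holds only its original self-signed certificate.
bad_listing() {
    cat <<'EOF'
Alias name: rootca
Entry type: trustedCertEntry

Alias name: signedcert
Entry type: trustedCertEntry

Alias name: myalias
Entry type: PrivateKeyEntry
Certificate chain length: 1
EOF
}

good_listing | check_keystore_alias myalias
bad_listing  | check_keystore_alias myalias || echo "exit status $?"
# Real use (placeholders as in the post):
# keytool -list -v -keystore <mykeystorename.jks> -storepass <mykeystorepassword> | check_keystore_alias <myalias>
```

A non-zero exit on the real keystore means the signed cert did not replace the self-signed one on the key entry, and JBoss would serve the self-signed certificate.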
JBOSS CONFIGURATION
Step 1 edit server.xml under your <JBOSS_HOME>/server/default/deploy/jboss-web.deployer/
<Connector port="8443" address="${jboss.bind.address}" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="/usr/local/pathconf/jboss-4.2.3GA/server/default/conf/ssl/snodo-conf.jks" keystorePass="keystorepass"/>
You can also choose which PrivateKeyEntry to use by adding the parameter keyAlias="myalias"; otherwise Java chooses the first one in your keystore.
Step 2 edit run.conf under <JBOSS_HOME>/bin/
add this row
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=<JBOSS_HOME>/server/default/conf/mykeystorename.jks -Djavax.net.ssl.trustStorePassword=mykeystorepassword"