Version 5

    Implementing WebService over HTTPS

    1. Prepare the keystore

      1. Create the private/public key pair (use SUN JDK's keytool)

     

    cd $JBOSS_HOME/server/default/conf
    keytool -genkey -keyalg RSA -keysize 1024 -alias myhost -validity 1000 -dname "CN=myhost.mydomain.com, OU=myOU, O=myO, L=myCity, S=myState, C=myCountry" -keystore myhost.keystore -storepass mypassword

     

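    Note:

    CN must match your secure host name.

    myCountry should be a 2-letter country code such as US, CA, etc.

    A 1024-bit RSA key is below the 2048-bit minimum that publicly trusted CAs now accept; raise -keysize accordingly.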

     

      2. Create a certificate signing request (CSR)

    keytool -certreq -alias myhost -keystore myhost.keystore -file myhost.csr

    When prompted, enter the keystore password.

      3. Send myhost.csr to your CA and get the certificate

      4. Import the CA's certificate

     

    TODO: provide a useful link to a keytool tutorial

     

    2. Configure the HTTPS connector (JBoss 4.2 is assumed here; other versions may work after slight modification)

      1. Edit $JBOSS_HOME/server/default/deploy/jboss-web.deployer/server.xml. Find the <Connector> element that has the SSLEnabled="true" attribute. It is commented out by default, so uncomment it. Then add the following attributes:

     

    keystoreFile="${jboss.server.home.dir}/conf/myhost.keystore" keystorePass="the_keystore_password_you_set_when_creating_it"
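
A quick check of the edited server.xml, as an added example that is not part of the original page or of JBoss: it reports an HTTPS connector that is still commented out, is missing keystoreFile or keystorePass, or still carries the placeholder password. The function name and the sample XML are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a server.xml fragment after the edit described above.
SAMPLE_SERVER_XML = """<Server>
  <Service name="jboss.web">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true"
               keystoreFile="${jboss.server.home.dir}/conf/myhost.keystore"
               keystorePass="mypassword" />
  </Service>
</Server>"""

# Literal placeholder text used on this page for keystorePass.
PLACEHOLDER = "the_keystore_password_you_set_when_creating_it"
REQUIRED = ("keystoreFile", "keystorePass")


def check_https_connector(xml_text):
    """Return a list of findings; an empty list means the connector looks configured."""
    findings = []
    # A connector still inside <!-- ... --> is invisible to the XML parser,
    # so search the comment bodies for it separately.
    commented = [c for c in re.findall(r"<!--(.*?)-->", xml_text, re.S)
                 if "<Connector" in c and 'SSLEnabled="true"' in c]
    root = ET.fromstring(xml_text)
    active = [c for c in root.iter("Connector") if c.get("SSLEnabled") == "true"]
    if not active:
        findings.append("HTTPS connector is still commented out" if commented
                        else 'no <Connector> with SSLEnabled="true" found')
    for conn in active:
        port = conn.get("port", "?")
        for attr in REQUIRED:
            if not conn.get(attr):
                findings.append(f"connector on port {port}: missing {attr}")
        if conn.get("keystorePass") == PLACEHOLDER:
            findings.append(f"connector on port {port}: keystorePass is still the placeholder")
    return findings


if __name__ == "__main__":
    for line in check_https_connector(SAMPLE_SERVER_XML) or ["HTTPS connector looks configured"]:
        print(line)
```

keystorePass sits in server.xml in clear text, so keep that file readable only by the account that runs JBoss.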