2 Replies Latest reply on Jan 29, 2009 5:59 PM by gourija

    Configuring JBoss (4.2.1) SSL

    soulgrind

      OK - so I have a bit of a conundrum...

      The organization I work for is attempting to get JBoss running with SSL.

We have purchased a GoDaddy Turbo SSL cert. The problem is this... GoDaddy doesn't have a cert specific for JBoss. They do however support Apache and Tomcat. I opted for "Other" as JBoss wasn't listed. I do realize however this may not have been the wisest choice.

      I have been reviewing the JBoss wiki located at http://wiki.jboss.org/wiki/SSLSetup;jsessionid=648378AE78137D63E6CE8DA1B7A1DE56

      It seems to be heavily geared towards JBoss-3.2.3/Tomcat-4.1.x with anecdotal references to JBoss-4.2.1.

Anyway... I am hoping that I am on the right track. Maybe somebody can steer me in the right direction...

      Our implementation is somewhat non-standard. But the directory structure is basically unchanged.

      Here are the steps I've taken thus far:

      1.) Generate the keystore file using Sun JAVA 1.4.2_15

M:\java\j2sdk1.4.2_15\bin\keytool.exe -genkey -alias jboss-ssl -keyalg RSA -keystore M:\clients\rel500-qa\SSL\rel500-qa.keystore -validity 3650


      NOTE: rel500-qa is the name of the site in question.

      2.) Generate the CSR

      M:\java\j2sdk1.4.2_15\bin\keytool.exe -certreq -alias jboss-ssl -keyalg RSA -file M:\clients\rel500-qa\SSL\rel500-qa.csr -keystore M:\clients\rel500-qa\SSL\rel500-qa.keystore


      3.) Submit the CSR to GoDaddy and receive a Turbo SSL Cert

      4.) According to GoDaddy, it was recommended that I include GoDaddy's "Cross-Intermediate and Intermediate certs."

      a.)
      M:\java\j2sdk1.4.2_15\bin\keytool.exe -import -alias cross -keystore rel500-qa.keystore -trustcacerts -file M:\clients\rel500-qa\SSL\gd_cross_intermediate.cer


      b.)
M:\java\j2sdk1.4.2_15\bin\keytool.exe -keystore M:\clients\rel500-qa\SSL\rel500-qa.keystore -import -alias inter -file M:\clients\rel500-qa\SSL\gd_intermediate.cer


      5.) Import the GoDaddy assigned cert

      M:\java\j2sdk1.4.2_15\bin\keytool.exe -keystore M:\clients\rel500-qa\SSL\rel500-qa.keystore -keyalg "RSA" -import -trustcacerts -file M:\clients\rel500-qa\SSL\rel500-qa.domain-name.crt


      I now have a fully populated keystore file.

      When I test the keystore for PKCS12 validity, it fails...

      M:\clients\rel500-qa\SSL>M:\java\j2sdk1.4.2_15\bin\keytool.exe -list -keystore M:\clients\rel500-qa\SSL\rel500-qa.keystore -storetype PKCS12
      keytool error: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.


      That is my first hurdle...

      After that is resolved, my next hurdle is WHERE should the keystore file reside?

      From the wiki, I am thinking it belongs in /conf/rel500-qa.keystore

Additionally, I am thinking that according to the wiki, I need to modify deploy/jboss-web.deployer/server.xml. However, the formatting is considerably different from that for JBoss-3.2.3/Tomcat-4.1.x and I am wondering how it should look. Can I still use the following configuration data:

      keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
       keystorePass="tc-ssl"
       protocol = "TLS"/>


      If so, how should it look? I am thinking something like this, but I'm not entirely sure...

<!-- Define a SSL HTTP/1.1 Connector on port 8443
     This connector uses the JSSE configuration, when using APR, the
     connector should be using the OpenSSL style configuration
     described in the APR documentation -->

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
           clientAuth="false" sslProtocol="TLS" />


      Any assistance would be greatly appreciated - thanks.

      Caine
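The steps above produce a JKS keystore whose private-key entry must end up carrying the CA-issued server certificate together with the GoDaddy intermediates; the JSSE connector reads that chain from the alias and sends it to browsers. The following is an added check, not code from the thread, from GoDaddy or from JBoss: it loads the keystore with the standard `java.security.KeyStore` API, lists every entry, and verifies that the named key alias holds a chain of at least two certificates in which each certificate is currently valid and signed by the next. The class name `KeystoreChainCheck`, the command-line arguments and the example alias `jboss-ssl` are assumptions for this example.

```java
import java.io.FileInputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

/*
 * Hypothetical helper (not part of the forum thread or of JBoss).
 * Usage:  java KeystoreChainCheck <keystore> <storepass> <key-alias>
 * e.g.    java KeystoreChainCheck rel500-qa.keystore changeit jboss-ssl
 * Exit status 0 means the key entry carries a usable server chain.
 */
public class KeystoreChainCheck {

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: KeystoreChainCheck <keystore> <storepass> <key-alias>");
            System.exit(2);
        }
        // JKS is the format keytool -genkey writes by default (not PKCS12).
        KeyStore ks = KeyStore.getInstance("JKS");
        FileInputStream in = new FileInputStream(args[0]);
        try {
            ks.load(in, args[1].toCharArray());
        } finally {
            in.close();
        }
        boolean ok = checkKeyEntry(ks, args[2]);
        System.exit(ok ? 0 : 1);
    }

    // Prints every alias and whether it is a key entry or only a trusted
    // certificate. A server cert that was imported without "-alias <key-alias>"
    // shows up here as a separate trusted entry (keytool's default alias is
    // "mykey") instead of being attached to the private key.
    static void listEntries(KeyStore ks) throws Exception {
        for (Enumeration e = ks.aliases(); e.hasMoreElements();) {
            String alias = (String) e.nextElement();
            String kind = ks.isKeyEntry(alias) ? "key entry" : "trusted cert";
            X509Certificate c = (X509Certificate) ks.getCertificate(alias);
            System.out.println(alias + ": " + kind
                + "  subject=" + c.getSubjectX500Principal().getName());
        }
    }

    // Returns true only if the alias is a private-key entry whose chain is
    // leaf -> intermediate(s), each cert valid today and signed by the next.
    static boolean checkKeyEntry(KeyStore ks, String alias) throws Exception {
        listEntries(ks);
        if (!ks.isKeyEntry(alias)) {
            System.out.println("FAIL: no private key stored under alias '" + alias + "'");
            return false;
        }
        Certificate[] chain = ks.getCertificateChain(alias);
        System.out.println("chain length for '" + alias + "': " + chain.length);
        X509Certificate leaf = (X509Certificate) chain[0];
        System.out.println("leaf subject: " + leaf.getSubjectX500Principal().getName());
        if (chain.length < 2
                && leaf.getSubjectX500Principal().equals(leaf.getIssuerX500Principal())) {
            System.out.println("FAIL: alias still holds the self-signed cert from -genkey;"
                + " the CA-issued cert was not imported under this alias");
            return false;
        }
        for (int i = 0; i < chain.length; i++) {
            X509Certificate cert = (X509Certificate) chain[i];
            try {
                cert.checkValidity();                 // throws if expired or not yet valid
                if (i + 1 < chain.length) {
                    cert.verify(chain[i + 1].getPublicKey()); // throws on bad signature
                }
            } catch (GeneralSecurityException ex) {
                System.out.println("FAIL at chain[" + i + "] ("
                    + cert.getSubjectX500Principal().getName() + "): " + ex);
                return false;
            }
        }
        System.out.println("OK: chain verifies up to "
            + ((X509Certificate) chain[chain.length - 1]).getIssuerX500Principal().getName());
        return true;
    }
}
```

Run it with the same password you gave `keytool -genkey`; that password is also what the connector's `keystorePass` attribute must carry (Tomcat's JSSE connector assumes `changeit` when the attribute is omitted), and `keystoreFile` has to point at the file the check was run against. A keystore that passes this check but still fails `keytool -list -storetype PKCS12` is simply a JKS store being read with the wrong `-storetype`, not a damaged file.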