1. Re: jboss 7 standalone ssl using existing wildcard ca certificate
mhjboss7 Jan 8, 2015 6:24 PM (in response to mhjboss7)
OK, here is the answer to my own question above.
Get the existing certificate and its private key in PKCS12 format. Here are the steps, assuming you have the file in PKCS12 format (the extension will be pfx).
1. Get the file in PKCS12 format which contains the certificate and key; your network admin, or whoever has access to the server that has the certificate installed, should be able to provide it.
2. Ask them to give you the password for it too; you will need it.
Now, for the keystore, I will use the made-up name mycertwithkey.pfx for the file above.
==============
3. Import the above file into a new keystore (you don't have to use a new keystore; I am just making everything vanilla).
keytool -importkeystore -destkeystore mykeystore.jks -srckeystore mycertwithkey.pfx -srcstoretype pkcs12
This will ask for a password for the destination keystore and then for the password from step 2 above.
4. Get the key alias by listing the contents of the keystore and then copying the line that says alias.
keytool -list -v -keystore mykeystore.jks
5. Change standalone.xml and add/edit the following.
<subsystem xmlns="urn:jboss:domain:web:1.5" default-virtual-server="default-host" native="false">
    <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
    <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enable-lookups="false" secure="true">
        <ssl name="myssl" key-alias="<alias you got from step 4 above>" certificate-key-file="../standalone/configuration/mykeystore.jks" password="<password you used above in step3>" protocol="TLSv1"/>
    </connector>
    <virtual-server name="default-host" enable-welcome-root="true">
        <alias name="localhost"/>
    </virtual-server>
</subsystem>
6. Restart JBoss.
7. If for some unknown reason you get java.io.IOException: Cannot recover key,
you can change the password for both the keystore and the key as follows:
keytool -storepasswd -new <enterpassword> -keystore mykeystore.jks
keytool -keypasswd -alias <keyalias from above steps> -new <enterpassword> -keystore mykeystore.jks
cheers...
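
An added example, not part of the original post: a small Python check for the `<ssl>` element from step 5, run before the restart in step 6. It flags stray whitespace in certificate-key-file, an empty key-alias, legacy protocol values, and a keystore password stored inline. The sample XML and its values are constructed, and treating protocol as a comma-separated list is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample: same shape as the <subsystem> in step 5, with made-up
# values, an empty key-alias and a trailing space after "mykeystore.jks".
SAMPLE = """<subsystem xmlns="urn:jboss:domain:web:1.5" native="false">
  <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
  <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
    <ssl name="myssl" key-alias="" password="example-password" protocol="TLSv1"
         certificate-key-file="../standalone/configuration/mykeystore.jks "/>
  </connector>
</subsystem>"""

# TLS 1.0 and 1.1 were formally deprecated by RFC 8996; SSLv2/SSLv3 earlier.
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts in front of tag names."""
    return tag.rsplit("}", 1)[-1]


def check_https_connectors(xml_text):
    """Return (connector name, finding) pairs for every https connector."""
    findings = []
    for conn in ET.fromstring(xml_text).iter():
        if local(conn.tag) != "connector" or conn.get("scheme") != "https":
            continue
        name = conn.get("name", "?")
        ssl = next((c for c in conn if local(c.tag) == "ssl"), None)
        if ssl is None:
            findings.append((name, "no <ssl> element"))
            continue
        path = ssl.get("certificate-key-file", "")
        if path != path.strip():
            findings.append((name, "whitespace around certificate-key-file"))
        if not ssl.get("key-alias", "").strip():
            findings.append((name, "key-alias is empty"))
        # Assumption: several protocols may be listed separated by commas.
        protos = {p.strip() for p in ssl.get("protocol", "").split(",")}
        for p in sorted(protos & LEGACY):
            findings.append((name, "legacy protocol enabled: " + p))
        if ssl.get("password"):
            findings.append((name, "keystore password in cleartext in config"))
    return findings


if __name__ == "__main__":
    for connector, finding in check_https_connectors(SAMPLE):
        print(connector + ": " + finding)
```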