2 Replies Latest reply on Mar 4, 2014 10:50 AM by shruti-p

    How to install SSLCertificateChainFile in JBoss 7


      Hi all,


      In JBoss 5.1 I configured an SSL connection like this:


      <Connector protocol="org.apache.coyote.http11.Http11AprProtocol" SSLEnabled="true"
                 port="443" address="${jboss.bind.address}"
                 scheme="https" secure="true" clientAuth="false"
                 sslProtocol="TLS" />


      As you can see, I used APR.


      In JBoss 7.1 I configured the SSL connection like this:


      <subsystem xmlns="urn:jboss:domain:web:1.2" default-virtual-server="default-host" native="true">
          <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
          <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
              <ssl certificate-key-file="${jboss.server.config.dir}/cert/*********.key" protocol="TLSv1" verify-client="false" certificate-file="${jboss.server.config.dir}/cert/*****.pem"/>
          </connector>
          <virtual-server name="default-host" enable-welcome-root="false"/>
      </subsystem>



      I did not find a possibility to add the SSLCertificateChainFile. Can anybody tell me how to configure the chain file?


      Kind Regards



        • 1. Re: How to install SSLCertificateChainFile in JBoss 7

          In the ssl tag I set the ca-certificate-file attribute. I entered the path to the chain certificate file and it is working fine.


          <ssl certificate-key-file="${jboss.server.config.dir}/cert/***.key" protocol="TLSv1" verify-client="false" certificate-file="${jboss.server.config.dir}/cert/*****.pem" ca-certificate-file="${jboss.server.config.dir}/cert/*******.pem"/>

          • 2. Re: How to install SSLCertificateChainFile in JBoss 7

            Hi Celle,


            I am trying to switch my HTTP interface to HTTPS. I bought a certificate from a CA and imported it into my keystore, but I keep getting a message that the certificate cannot be trusted when I try to load my web application.

            I have used the following commands to import the certificate into the keystore:

            keytool -import -alias root -keystore <your_keystore_filename> -trustcacerts -file <filename_of_the_chain_certificate>

            keytool -import -alias tomcat -keystore <your_keystore_filename> -file <your_certificate_filename>

            I have configured the https connector in JBoss in the following way:

            <subsystem xmlns="urn:jboss:domain:web:1.1" native="false" default-virtual-server="default-host">
                <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
                <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
                    <ssl name="https" key-alias="myalias" password="foobar" certificate-key-file="/path_to_keystore_file"/>
                </connector>
                <virtual-server name="default-host" enable-welcome-root="false">
                    <alias name="localhost"/>
                    <alias name="example.com"/>
                </virtual-server>
            </subsystem>


            Can you please explain the difference between certificate-key-file and certificate-file, and why there are two of them?

            Also, are there any other configurations that I have missed?
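
An added example, not part of the thread and not JBoss code: a small audit of the `<ssl>` element in a JBoss 7 web subsystem, covering the native (APR) setup from the question and reply 1 and the keystore setup from reply 2. The function name, finding codes, file names and the `keystore_aliases` parameter are hypothetical; a missing `native` attribute is assumed to mean `native="false"`.

```python
import xml.etree.ElementTree as ET

def audit_web_subsystem(xml_text, keystore_aliases=None):
    """Return (connector, finding) pairs for the https connectors of a web subsystem."""
    root = ET.fromstring(xml_text)
    ns = root.tag.partition("}")[0] + "}" if root.tag.startswith("{") else ""
    native = root.get("native", "false").lower() == "true"  # assumed default: false
    findings = []
    for conn in root.findall(ns + "connector"):
        if conn.get("scheme") != "https":
            continue
        name, ssl = conn.get("name"), conn.find(ns + "ssl")
        if ssl is None:
            findings.append((name, "no-ssl-element"))
            continue
        if native:
            # Native connector: PEM key, PEM certificate, and the chain file from reply 1.
            for attr, code in (("certificate-key-file", "missing-key-file"),
                               ("certificate-file", "missing-certificate-file"),
                               ("ca-certificate-file", "missing-chain-file")):
                if not ssl.get(attr):
                    findings.append((name, code))
        else:
            # Keystore setup: certificate-key-file is the keystore, key-alias an entry in it.
            if not ssl.get("certificate-key-file"):
                findings.append((name, "missing-keystore"))
            alias = ssl.get("key-alias")
            if alias and keystore_aliases is not None and alias not in keystore_aliases:
                findings.append((name, "key-alias-not-in-keystore"))
        password = ssl.get("password")
        if password and not password.startswith("${"):
            findings.append((name, "literal-password"))  # secret readable in the config file
    return findings

# Constructed samples modelled on the thread; file names are placeholders.
def sample(native, ssl_attrs):
    return ('<subsystem xmlns="urn:jboss:domain:web:1.2" native="%s">'
            '<connector name="http" scheme="http" socket-binding="http"/>'
            '<connector name="https" scheme="https" socket-binding="https" secure="true">'
            '<ssl %s/></connector></subsystem>' % (native, ssl_attrs))

QUESTION = sample("true", 'certificate-key-file="cert/server.key" certificate-file="cert/server.pem"')
REPLY_1 = sample("true", 'certificate-key-file="cert/server.key" certificate-file="cert/server.pem" '
                         'ca-certificate-file="cert/chain.pem"')
REPLY_2 = sample("false", 'key-alias="myalias" password="foobar" certificate-key-file="/path_to_keystore_file"')

if __name__ == "__main__":
    for cfg, aliases in ((QUESTION, None), (REPLY_1, None), (REPLY_2, {"root", "tomcat"})):
        print(audit_web_subsystem(cfg, aliases))
```

The alias set passed for the third sample holds the two aliases used in the keytool commands of reply 2; in practice it would come from listing the keystore.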