1 Reply Latest reply on Jan 8, 2015 6:24 PM by a b

    jboss 7 standalone ssl using existing wildcard ca certificate

    a b Newbie

      Can anyone please share the steps for how I can set up SSL on a JBoss 7 standalone server using an existing wildcard CA certificate?


      I have tried many different suggestions from internet forums but no luck. I am able to set it up successfully using a self-generated certificate using


             <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enable-lookups="false" secure="true">
                 <ssl name="myssl" password="password" certificate-key-file="../standalone/configuration/mykeystore.jks" protocol="TLSv1"/>
             </connector>


      How and where do I specify the CA certificate? I am new to JBoss, so please, if anyone can, detail these steps where I don't have to generate a CSR (certificate request).


      Again, I want to use an existing wildcard certificate that is being used on a few existing IIS servers. How do I use it in JBoss 7 s


      Thanks for your help.

        • 1. Re: jboss 7 standalone ssl using existing wildcard ca certificate
          a b Newbie

          OK, here is the answer to my own question above.


          Get the existing certificate and its private key in PKCS12 format. Here are the steps, assuming you have the file in PKCS12 format (the extension will be pfx).


          1. Get the file in PKCS12 format, which contains the certificate and key; your network admin, or whoever has access to the server that has the certificate installed, should be able to provide it.


          2. Ask them to give you the password for it too; you will need it.


          Now for the keystore. I will use a made-up name for the file above: mycertwithkey.pfx


          3. Import the above file into a new keystore (you don't have to use a new keystore; I am just making everything vanilla).


          keytool -importkeystore -destkeystore mykeystore.jks -srckeystore mycertwithkey.pfx -srcstoretype pkcs12

          This will ask for a password for the destination keystore and then for the password from step 2 above.


          4. Get the key alias by listing the contents of the keystore and then copying the line that says alias.


          keytool -list -v -keystore mykeystore.jks


          5. Change standalone.xml and add/edit the following.



                  <subsystem xmlns="urn:jboss:domain:web:1.5" default-virtual-server="default-host" native="false">
                      <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
                      <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enable-lookups="false" secure="true">
                          <ssl name="myssl" key-alias="<alias you got from step 4 above>" certificate-key-file="../standalone/configuration/mykeystore.jks" password="<password you used above in step3>" protocol="TLSv1"/>
                      </connector>
                      <virtual-server name="default-host" enable-welcome-root="true">
                          <alias name="localhost"/>
                      </virtual-server>
                  </subsystem>




          6. Restart JBoss.


          7. If for some unknown reason you get java.io.IOException: Cannot recover key,

          you can change the password for both the keystore and the key as follows:


          keytool -storepasswd -new <enterpassword> -keystore mykeystore.jks

          keytool -keypasswd -alias <keyalias from above steps> -new <enterpassword> -keystore mykeystore.jks
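
Step 4 in the answer above reads the alias by eye from the `keytool -list -v` listing. The following is an added example, not part of the original post, that pulls the alias of the private-key entry out of that listing and also reports the certificate chain length, which shows whether the CA certificates came along inside the PFX. The function names and the sample listing (alias, subjects, dates) are constructed for illustration.

```shell
#!/bin/sh
# Added example: choose the key-alias for standalone.xml from keytool output.
# Real use:  keytool -list -v -keystore mykeystore.jks | wildcard_alias

# Print "alias<TAB>chain length<TAB>leaf subject" for each PrivateKeyEntry.
# trustedCertEntry items hold no private key, so they cannot be a key-alias.
list_key_entries() {
  awk '
    /^Alias name: /               { alias = substr($0, 13); type = ""; chain = ""; next }
    /^Entry type: /               { type = substr($0, 13); next }
    /^Certificate chain length: / { chain = $NF; next }
    /^Owner: / && type == "PrivateKeyEntry" && alias != "" {
        printf "%s\t%s\t%s\n", alias, chain, substr($0, 8)
        alias = ""   # report only the first (leaf) certificate of the chain
    }'
}

# Print the alias of the first key entry whose subject CN is a wildcard name.
wildcard_alias() {
  list_key_entries | awk -F '\t' '$3 ~ /(^|, *)CN=\*\./ { print $1; exit }'
}

# Constructed sample of a "keytool -list -v" listing (not real data).
sample_listing() {
  cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: le-constructed-0001
Creation date: Jan 8, 2015
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=*.example.com, O=Example Corp, C=US
Issuer: CN=Example Issuing CA, O=Example CA, C=US
Certificate[2]:
Owner: CN=Example Issuing CA, O=Example CA, C=US
Issuer: CN=Example Root CA, O=Example CA, C=US

Alias name: exampleroot
Creation date: Jan 8, 2015
Entry type: trustedCertEntry

Owner: CN=Example Root CA, O=Example CA, C=US
Issuer: CN=Example Root CA, O=Example CA, C=US
EOF
}

sample_listing | list_key_entries
```

A chain length of 1 on the key entry means only the server certificate was exported and the issuing CA certificates are not in the keystore.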