Just documenting this for any future generations who may attempts this:
I was successfull in entirely replacing JRMP with HTTPS. I also disabled direct access to JNDI (ports 1098 & 1099) and Web Class Downloading (port 8083).
At the end of the day, the JBoss server only had an https port open (8443) and everything functioned properly. I am not, however using clustering and I assume clustering would not work without other services running.
A standalone server works fine.
This Wiki article is a good reference on JBoss port usage:
Hi , do you use ejb as web-services ? I wonder if anyone succeeded with them through ssl.
I do not currently use my EJBs as web services. I have however in the past exported them as web services using JBoss.NET and accessed them remotely using Apache Axis.
JBoss.NET has been superceded by (JBossWS) http://www.jboss.com/products/jbossws.
What's your problem?
I had a project where i used JBossWS and not Jboss.NET.
I successfully deployed all necessary services, but one things wasn't completed. The requirements for project said that services should be accessed through SSL.
When i tried to study how it can be done with JBossWS I didn't find any manual with such topic.
And after all I saw at the JBoss developers' Wiki that it still was challenge to run JBossWS through SSL.
There was guide where deployment parameters was described to run services through SSL, but it didn't work on jboss4.0.0.
So the customers were satisfied with Non-SSL realization, but I think one time they could change their mind.