Version 5

    Implementing WebService over HTTPS

    1. Prepare the keystore

      1. Create the private/public key pair (use SUN JDK's keytool)


    cd $JBOSS_HOME/server/default/conf keytool -genkey -keyalg RSA -keysize 1024 -alias myhost -validity 1000 -dname ", OU=myOU, O=myO, L=myCity, S=myState, C=myCountry" -keystore myhost.keystore -storepass mypassword



    CN must match your secure host name.


    myCountry should be 2-letter country code such as US, CA, etc.


      1. Create certification signing request (CSR)

    keytool -certreq -alias myhost -keystore myhost.keystore -file myhost.csr

    When prompted, set the keystore password.


      1. Send myhost.csr to your CA and get the certificate

      2. Import CA's certificate


    TODO: provide a useful link to a keytool tutorial


      1. Configure the HTTPS connector (JBoss 4.2 assumed here, may work with other versions after a slight modification)


        1. Edit $JBOSS_HOME/server/default/deploy/jboss-web.deployer/server.xml. Find the <Connector> element that has the SSLEnabled="true" attribute. It's commented out by default, uncomment it. Now, add the following attributes:


    keystoreFile="${jboss.server.home.dir}/conf/myhost.keystore" keystorePass="the_keystore_password_you_set_when_creating_it"