Server

Activate HTTPS on JBoss AS 7

망할고양이 2016. 2. 23. 18:40



keytool -genkey -keystore filename.keystore -storepass mypassword -keypass mypassword -keyalg RSA -validity 180 -alias somealias -dname "cn=Name Surname,o=MyCompany,c=US"


The command will create a self-signed certificate, stored in the .keystore file.

Copy the .keystore file to JBOSS_AS_7_HOME/standalone/configuration

Open JBOSS_AS_7_HOME/standalone/configuration/standalone.xml

Look for the following element:

1
2
3
4
5
6
7
<subsystem xmlns="urn:jboss:domain:web:1.0" default-virtual-server="default-host">
    <connector name="http" protocol="HTTP/1.1" socket-binding="http" scheme="http"/>
    <virtual-server name="default-host" enable-welcome-root="true">
        <alias name="localhost"/>
        <alias name="example.com"/>
    </virtual-server>
</subsystem>

Change it to make it look like this:

1
2
3
4
5
6
7
8
9
10
<subsystem xmlns="urn:jboss:domain:web:1.0" default-virtual-server="default-host">
    <connector name="http" protocol="HTTP/1.1" socket-binding="http" scheme="http"/>
    <connector name="https" protocol="HTTP/1.1" socket-binding="https" scheme="https" secure="true">
        <ssl key-alias="somealias" password="mypassword" certificate-key-file="../standalone/configuration/filename.keystore" cipher-suite="ALL" protocol="TLS"/>
    </connector>
    <virtual-server name="default-host" enable-welcome-root="true">
        <alias name="localhost"/>
        <alias name="example.com"/>
    </virtual-server>
</subsystem>

Restart JBoss AS 7.

Notice the following lines in the console output/log:

17:45:21,689 INFO  [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-4) Starting Coyote HTTP/1.1 on http--127.0.0.1-8080
17:45:22,138 INFO  [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-3) Starting Coyote HTTP/1.1 on http--127.0.0.1-8443

HTTPS will be running on port 8443 by default.

To change the HTTPS port, look for the socket-binding-group element in standalone.xml