How to Install JBoss AS 7 with SSL on Linux (Enable HTTPS SSL on JBoss)

If you are developing a Java web application, you should consider deploying it on JBoss AS, an open source Java application server.

This tutorial explains how to install JBoss with SSL support on Linux.

1. Download JBoss AS 7

The current stable version of JBoss AS is 7.1.1. Download it from here.

Or, use wget to download it directly as shown below:

cd /usr/save
wget http://download.jboss.org/jbossas/7.1/jboss-as-7.1.1.Final/jboss-as-7.1.1.Final.zip
unzip jboss-as-7.1.1.Final.zip

2. Set JBOSS_HOME

I like to keep JBoss under the /home directory and set JBOSS_HOME accordingly, as shown below.

cd /usr/save
mv jboss-as-7.1.1.Final /home
export JBOSS_HOME=/home/jboss-as-7.1.1.Final

Also, make sure you add JBOSS_HOME to your ~/.bash_profile file.

3. Verify Java Version

You need JDK 1.6 or above to run JBoss AS 7. If you don’t have a JDK installed on your system, download it from here.

On my system, I already have the JDK installed.

# java -version
java version "1.6.0_31"
..

4. Start and Stop JBoss Server

Use the standalone.sh script to start the JBoss server as shown below. Use nohup and & to run the JBoss server in the background.

# nohup sh $JBOSS_HOME/bin/standalone.sh &

After you start the JBoss server, you should be able to reach it at http://localhost:8080.

If you want to access JBoss by IP address, you should allow JBoss AS to accept remote connections.

To shut down the JBoss server, don’t simply kill the background process. Instead, use the following jboss-cli.sh script to send the shutdown command to the JBoss server as shown below.

$JBOSS_HOME/bin/jboss-cli.sh --connect --command=:shutdown

5. Create Java Key Store

Let us create the keys required for JBoss under /usr/save/keystore.

mkdir /usr/save/keystore
cd /usr/save/keystore

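Use the Java keytool -genkey command to create the RSA keypair and self-signed certificate as shown below. A 1024-bit key signed with SHA-1, as generated here, is weak by current standards; pass a larger -keysize (2048 or more) for anything other than a local test.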

# /usr/java/jdk1.6.0_31/bin/keytool -v -genkey -alias jbosskeys -keyalg RSA -keysize 1024 -keystore jbosskeys.jks -keypass SecretPwd -storepass SecretPwd -validity 365 -dname "CN=localhost"
Generating 1,024 bit RSA key pair and self-signed certificate (SHA1withRSA) with a validity of 365 days
 for: CN=localhost

6. Export and Import Certificate

Export the certificate to a crt file.

# /usr/java/jdk1.6.0_31/bin/keytool -v -export -rfc -alias jbosskeys -file localfile.crt -keystore jbosskeys.jks -keypass SecretPwd -storepass SecretPwd
Certificate stored in file <localfile.crt>

Import the crt file into the cacerts.jks trust store.

# /usr/java/jdk1.6.0_31/bin/keytool -v -import -keypass SecretPwd -noprompt -trustcacerts -alias localhost -file localfile.crt -keystore cacerts.jks -storepass SecretPwd
Certificate was added to keystore
[Storing cacerts.jks]

7. Modify standalone.conf

Modify the /home/jboss-as-7.1.1.Final/bin/standalone.conf file and add the following JAVA_OPTS parameters.

JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.keyStorePassword=SecretPwd"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStorePassword=SecretPwd"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.keyStoreType=JKS"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStoreType=JKS"
JAVA_OPTS="$JAVA_OPTS -DCLIENT_KEY_ALIAS=jbosskeys"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.keyStore=/usr/save/keystore/jbosskeys.jks"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=/usr/save/keystore/cacerts.jks"

8. Add SSL Entries in standalone.xml

Modify the /home/jboss-as-7.1.1.Final/standalone/configuration/standalone.xml as shown below.

First, in the standalone.xml file, add the following SSL connector information after this line: <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>

<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="connect" secure="true">
 <ssl name="ssl"
     protocol="TLSv1"
     password="SecretPwd"
     certificate-key-file="/usr/save/keystore/jbosskeys.jks"
     ca-certificate-file="/usr/save/keystore/cacerts.jks"
     verify-client="true" />
</connector>

Next, in the standalone.xml file, add the following line after this line: <socket-binding name="txn-status-manager" port="4713"/>

<socket-binding name="connect" port="8181"/>

Finally, after you restart JBoss, you should be able to access it over SSL on port 8181.
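
A quick audit of what steps 7 and 8 leave on disk, as an added example that is not part of the original tutorial; the function and finding names are hypothetical and the sample connector is constructed from step 8. It flags the legacy protocol value, the keystore password stored in cleartext, the mandatory client certificate (with verify-client="true", browsers that present no certificate trusted through cacerts.jks are refused), and files that hold secrets but are readable beyond their owner.

```shell
#!/bin/sh
# Added example (not the tutorial's code): audit the step 8 connector and the
# permissions of files that hold the keystore password or private key.

# Print the value of attribute $2 from the element text in $1 (empty if absent).
attr() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\"\([^\"]*\)\".*/\1/p"
}

# audit_connector FILE: print one finding per line for the first <ssl> element.
audit_connector() {
    # Flatten the file so the multi-line <ssl ... /> element is one string.
    ssl=$(tr '\n' ' ' < "$1" | grep -o '<ssl [^>]*>' | head -n 1)
    if [ -z "$ssl" ]; then echo "NO_SSL_ELEMENT"; return 0; fi
    case "$(attr "$ssl" protocol)" in
        SSL*|TLSv1|TLSv1.1) echo "LEGACY_PROTOCOL" ;;  # RFC 7568, RFC 8996
    esac
    if [ -n "$(attr "$ssl" password)" ]; then echo "PLAINTEXT_PASSWORD"; fi
    if [ "$(attr "$ssl" verify-client)" = "true" ]; then echo "CLIENT_CERT_REQUIRED"; fi
    return 0
}

# audit_perms FILE...: report files readable by group or other.
audit_perms() {
    for f in "$@"; do
        if [ -n "$(find "$f" -prune \( -perm -040 -o -perm -004 \))" ]; then
            echo "READABLE_BY_OTHERS:$f"
        fi
    done
    return 0
}

# Constructed sample: the connector as step 8 writes it, with a typical 644 mode.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/standalone.xml" <<'EOF'
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="connect" secure="true">
 <ssl name="ssl"
      protocol="TLSv1"
      password="SecretPwd"
      certificate-key-file="/usr/save/keystore/jbosskeys.jks"
      ca-certificate-file="/usr/save/keystore/cacerts.jks"
      verify-client="true" />
</connector>
EOF
chmod 644 "$demo/standalone.xml"
audit_connector "$demo/standalone.xml"
audit_perms "$demo/standalone.xml"
```

On a real install, point audit_connector at standalone.xml and audit_perms at standalone.xml, standalone.conf and the two .jks files under /usr/save/keystore.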


Comments on this entry are closed.

  • daz March 18, 2014, 4:44 am

    I love JBoss, but for SSL I prefer to set Apache in front of it.
    There are many benefits to it, and it is pretty easy to set mod_cluster or proxy_ajp

  • Prashant March 18, 2014, 5:33 am

    Hi Ramesh,

    Thank you, Ramesh, for posting this article.
    Could you please let me know how to install a basic JBOSS AS7 without SSL support?

    Regards,
    Prashant

  • Bob March 18, 2014, 7:26 am

    Good article. Would be nice since this is a tutorial to explain who uses JBOSS and why, so that we can learn without much googling

  • sri November 20, 2014, 1:57 am

    Good Article ….Thanks

  • ABDUL MANAF C J June 11, 2015, 3:30 am

    Certificate-based authentication failed

    ERR_BAD_SSL_CLIENT_AUTH_CERT

    This server requires a certificate for authentication, and didn’t accept the one sent by the browser. Your certificate may have expired, or the server may not trust its issuer. You can try again with a different certificate, if you have one, or you may have to obtain a valid certificate from elsewhere.

  • Prasad June 30, 2015, 5:12 am

    Where do we need to add java_opts?
    Please mention that.

  • Sriveena August 31, 2015, 3:45 pm

    Hi Ramesh,
    That’s a very clear explanation of how to set up SSL. Being a newbie to both JBOSS and SSL, I was struggling with the SSL setup. I have my web application hosted in JBOSS. It needs to invoke 2 different web services hosted on different Tomcat servers. And only one of them requires that we send our certificate for client authentication. We don’t need mutual authentication from our end. Could you please let me know if the above configuration helps in this scenario?

  • Kannan April 20, 2016, 10:46 am

    Hi Ramesh, this is really helpful, but I am using Windows. I have made similar changes to standalone.conf.bat as you mentioned (replaced $ with %), but with those changes, standalone.bat is throwing an error.

    Any idea?

    I am using jboss7.1.1 and jdk 1.7.0_79