How to Install JBoss AS 7 with SSL on Linux (Enable HTTPS SSL on JBoss)

by Ramesh Natarajan on March 17, 2014

If you are developing Java web application, you should consider deploying it on open source JBoss AS Java application server.

This tutorial explains how to install JBoss with SSL support on Linux.

1. Download JBoss AS 7

The current stable version of Jboass AS is 7.1.1. Download it from here.

Or, use wget to download it directly as shown below:

cd /usr/save
wget http://download.jboss.org/jbossas/7.1/jboss-as-7.1.1.Final/jboss-as-7.1.1.Final.zip
unzip jboss-as-7.1.1.Final.zip

2. Set JBOSS_HOME

I like to keep the jboss under /home directory, and set the JBOSS_HOME accordingly as shown below.

cd /usr/save
mv jboss-as-7.1.1.Final /home
export JBOSS_HOME=/home/jboss-as-7.1.1.Final

Also, make sure you add the JBOSS_HOME to your ~/.bash_profile directory.

3. Verify Java Version

You need JDK 1.6 or above to run the Java AS 7. If you don’t have JDK installed on your system, download it from here.

On my system, I already have the JDK installed.

# java -version
java version "1.6.0_31"
..

4. Start and Stop JBoss Server

Use the standalone.sh script to start the JBoss server as shown below. Use nohup and & to run the JBoss server in the background.

# nohup sh $JBOSS_HOME/bin/standalone.sh &

After you star the JBoss server, you should be able to access http://localhost:8080 to access the JBoss server.

If you want to access the JBoss from using ip-address, you should allow JBoss AS to accept remote connection.

To shutdown the JBoss server, don’t simply kill the background process. Instead, use the following jboss-cli.sh script and send the shutdown command to the JBoss server as shown below.

$JBOSS_HOME/bin/jboss-cli.sh --connect --command=:shutdown

5. Create Java Key Store

Let us create the keys required for JBoss under /usr/save/keystore

mkdir /usr/save/keystore
cd /usr/save/keystore

Use the java keytool genkey command to create the RSA keypair and self-signed certificate as shown below.

# /usr/java/jdk1.6.0_31/bin/keytool -v -genkey -alias jbosskeys -keyalg RSA -keysize 1024 -keystore jbosskeys.jks -keypass SecretPwd -storepass SecretPwd -validity 365 -dname "CN=localhost"
Generating 1,024 bit RSA key pair and self-signed certificate (SHA1withRSA) with a validity of 365 days
 for: CN=localhost

6. Export and Import Certificate

Export the certificate to a crt file.

# /usr/java/jdk1.6.0_31/bin/keytool -v -export -rfc -alias jbosskeys -file localfile.crt -keystore jbosskeys.jks -keypass SecretPwd -storepass SecretPwd
Certificate stored in file <localfile.crt>

Import the crt file to the keystore.

# /usr/java/jdk1.6.0_31/bin/keytool -v -import -keypass SecretPwd -noprompt -trustcacerts -alias localhost -file localfile.crt -keystore cacerts.jks -storepass SecretPwd
Certificate was added to keystore
[Storing cacerts.jks]

7. Modify standalone.conf

Modify the /home//jboss-as-7.1.1.Final/bin/standalone.conf file and add the following JAVA_OPTS parameters.

JAVA_OPTS="$JAVA_OPTS \-Djavax.net.ssl.keyStorePassword=SecretPwd"
JAVA_OPTS="$JAVA_OPTS \-Djavax.net.ssl.trustStorePassword=SecretPwd"
JAVA_OPTS="$JAVA_OPTS \-Djavax.net.ssl.keyStoreType=JKS"
JAVA_OPTS="$JAVA_OPTS \-Djavax.net.ssl.trustStoreType=JKS"
JAVA_OPTS="$JAVA_OPTS \-DCLIENT_KEY_ALIAS=jbosskeys"
JAVA_OPTS="$JAVA_OPTS \-Djavax.net.ssl.keyStore=/usr/save/keystore/jbosskeys.jks"
JAVA_OPTS="$JAVA_OPTS \-Djavax.net.ssl.trustStore=/usr/save/keystore/cacerts.jks"

8. Add SSL Entries in standalone.xml

Modify the /home//jboss-as-7.1.1.Final/standalone/configuration/standalone.xml as shown below.

First, in the standalone.xml file, add the following SSL connecter information, after this line: <connector name=”http” protocol=”HTTP/1.1″ scheme=”http” socket-binding=”http”/>

<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="connect" secure="true">
 <ssl name="ssl"
     protocol="TLSv1"
     password="SecretPwd"
     certificate-key-file="/usr/save/keystore/jbosskeys.jks"
     ca-certificate-file="/usr/save/keystore/cacerts.jks"
     verify-client="true" />
</connector>

Next, in the standalone.xml file, add the following line, after this line: <socket-binding name=”txn-status-manager” port=”4713″/>

<socket-binding name="connect" port="8181"/>

Finally, after you restart the JBoss, you should be able to access JBoss SSL from port 8181.


Linux Sysadmin Course Linux provides several powerful administrative tools and utilities which will help you to manage your systems effectively. If you don’t know what these tools are and how to use them, you could be spending lot of time trying to perform even the basic administrative tasks. The focus of this course is to help you understand system administration tools, which will help you to become an effective Linux system administrator.
Get the Linux Sysadmin Course Now!

If you enjoyed this article, you might also like..

  1. 50 Linux Sysadmin Tutorials
  2. 50 Most Frequently Used Linux Commands (With Examples)
  3. Top 25 Best Linux Performance Monitoring and Debugging Tools
  4. Mommy, I found it! – 15 Practical Linux Find Command Examples
  5. Linux 101 Hacks 2nd Edition eBook Linux 101 Hacks Book

Bash 101 Hacks Book Sed and Awk 101 Hacks Book Nagios Core 3 Book Vim 101 Hacks Book

{ 3 comments… read them below or add one }

1 daz March 18, 2014 at 4:44 am

I love Jboss, but for SSL prefer to set Apache in front of it.
There are many benefit of it and it is pretty easy to set mod_cluster or proxy_ajp

2 Prashant March 18, 2014 at 5:33 am

Hi Ramesh,

Thank you ramesh for posting this article.
Could you please let me know how to install a basic JBOSS AS7 without SSL Support.

Regards,
Prashant

3 Bob March 18, 2014 at 7:26 am

Good article. Would be nice since this is a tutorial to explain who uses JBOSS and why, so that we can learn without much googling

Leave a Comment

Previous post:

Next post: