Securing web traffic and connections to your servers is of paramount interest to anyone who wants to protect those servers from malicious attacks. One of the most popular ways to secure web traffic is to use HTTPS. To enable HTTPS, we have to buy an SSL digital certificate from a trusted Certificate Authority (CA). There are two types of SSL certificates:
1. Regular SSL Certificate
2. Wildcard SSL Certificate
By using a regular SSL certificate, we can secure one domain, e.g. www.mydomain.com, whereas a wildcard SSL certificate allows us to secure the main domain and all of its subdomains. So, in addition to securing www.mydomain.com, you will also be able to secure any number of its subdomains, such as www.xyz.mydomain.com, www.abc.mydomain.com, etc. Based on your requirements, you can buy one of the above two certificates.
In this article, we will explain the steps required to set up the wildcard SSL certificate for JBoss Application Server.
Steps for Wildcard SSL Certificate Configuration
You will receive the following files from the Certificate Authority once you purchase the wildcard SSL certificate:
- STAR_mydomain_com.crt
- STAR_mydomain_com.key
- STAR_mydomain_com.ca-bundle
You can follow the steps below to configure the wildcard SSL certificate in the JBoss Application Server. You will need to install OpenSSL on your machine if you don't have it installed already.
1. Merge & Convert the .crt & .key file
Navigate to the folder where you have the .crt and .key files and execute the command below:
openssl pkcs12 -export -in STAR_mydomain_com.crt -inkey STAR_mydomain_com.key > STAR_mydomain_com.p12
The above command will merge and convert the .crt and .key files into a single PKCS12 file. When prompted for the password, you will have to enter a password for the new .p12 file being created.
2. Import P12 file to Java KeyStore
As the next step, you need to import the p12 file created in Step 1 to your Java key store. You can achieve this by using the below command.
keytool -importkeystore -srckeystore STAR_mydomain_com.p12 -destkeystore STAR_mydomain_com.jks -srcstoretype pkcs12
When prompted, you will have to enter the passwords for the source (.p12 file) and destination (.jks file) key stores. The key store created above, STAR_mydomain_com.jks, will have both the certificate and the key.
3. Import the ca-bundle file to the KeyStore
The next step is to import the ca-bundle file in your wildcard SSL certificate folder into the Java KeyStore. The command below can be used for this.
keytool -import -alias myservercert -keystore STAR_mydomain_com.jks -trustcacerts -file STAR_mydomain_com.ca-bundle
4. Configure JBoss for https
As the last step, you will need to configure the JBoss Application Server for HTTPS. This can be done by updating the https connector section in the standalone.xml file of the JBoss server.
<connector name="https" scheme="https" protocol="HTTP/1.1" socket-binding="https" enable-lookups="false" secure="true">
    <!-- password is the key store password chosen in step 2; password123 is a placeholder -->
    <!-- TLSv1 is deprecated (RFC 8996); use TLSv1.2 here if your JBoss and JDK versions support it -->
    <ssl name="mydomain-ssl" password="password123" certificate-key-file="/home/user/jboss/certificates/STAR_mydomain_com.jks" protocol="TLSv1"/>
</connector>
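A quick way to review the connector from step 4 before restarting the server, as an added example that is not part of the original article or of JBoss itself. The function name audit_https_connectors, the subsystem wrapper and namespace in the constructed sample, and the rule that a password starting with ${ is a runtime expression rather than a literal are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the connector from step 4, wrapped in a namespaced
# subsystem element the way it would sit inside standalone.xml.
SAMPLE = """
<subsystem xmlns="urn:jboss:domain:web:1.1">
  <connector name="http" scheme="http" protocol="HTTP/1.1" socket-binding="http"/>
  <connector name="https" scheme="https" protocol="HTTP/1.1"
             socket-binding="https" enable-lookups="false" secure="true">
    <ssl name="mydomain-ssl" password="password123"
         certificate-key-file="/home/user/jboss/certificates/STAR_mydomain_com.jks"
         protocol="TLSv1"/>
  </connector>
</subsystem>
"""

DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # RFC 6176, 7568, 8996

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def audit_https_connectors(xml_text):
    """Return a list of (connector name, finding) for https connectors."""
    findings = []
    root = ET.fromstring(xml_text)
    for conn in root.iter():
        if local(conn.tag) != "connector" or conn.get("scheme") != "https":
            continue  # plain http connectors are out of scope
        name = conn.get("name", "?")
        ssl = next((c for c in conn if local(c.tag) == "ssl"), None)
        if ssl is None:
            findings.append((name, "https connector has no <ssl> element"))
            continue
        if conn.get("secure") != "true":
            findings.append((name, 'secure="true" is not set'))
        protos = {p.strip() for p in ssl.get("protocol", "").split(",") if p.strip()}
        for p in sorted(protos & DEPRECATED):
            findings.append((name, f"deprecated protocol enabled: {p}"))
        pw = ssl.get("password", "")
        # Assumption: a value starting with '${' is resolved at runtime, not a literal.
        if pw and not pw.startswith("${"):
            findings.append((name, "keystore password is a literal in the file"))
        if not ssl.get("certificate-key-file"):
            findings.append((name, "certificate-key-file is missing"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_https_connectors(SAMPLE):
        print(f"[{name}] {finding}")
```

To check a real server, pass the text of its standalone.xml to audit_https_connectors instead of SAMPLE.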
Hope this information helps you. Do let us know if you face any issues with any of the above steps.