This tutorial makes the following assumptions:
- That you are running JBoss under a 'jboss' user whose home directory is /home/jboss/
In the following examples, replace the string "<server-name/ip>" with the domain name or IP address from which the site will be accessed via HTTPS. The path to your installed JDK is also likely to differ.
- Create a new keystore using the keytool binary provided with the JDK:
# /usr/lib/jvm/java-1.6.0-openjdk/bin/keytool -genkey -alias your_alias -keyalg RSA -keystore keystore.jks
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: <server-name/ip>
What is the name of your organizational unit?
[Unknown]: Your Unit
What is the name of your organization?
[Unknown]: Your Organization
What is the name of your City or Locality?
[Unknown]: Your City
What is the name of your State or Province?
[Unknown]: MD
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=<server-name/ip>, OU=Your Unit, O=Your Organization, L=Your City,
ST=MD, C=US correct?
[no]: yes
Enter key password for <your_alias>
(RETURN if same as keystore password):
Re-enter new password:
. When prompted for the key password, you must enter the same password that you first entered at the keystore password prompt.
. Put the keystore file in the /home/jboss directory
- Export the generated server certificate from the keystore to server.cer:
# /usr/lib/jvm/java-1.6.0-openjdk/bin/keytool -export -alias your_alias -storepass password -file server.cer -keystore keystore.jks
- Create a trust-store file and add the server cert to it:
# /usr/lib/jvm/java-1.6.0-openjdk/bin/keytool -import -v -trustcacerts -alias your_alias -file server.cer -keystore cacerts.jks -keypass password -storepass password
It will display the following:
Owner: CN=<server-name/ip>, OU=Your Unit, O=Your Organization,
L=Your City, ST=MD, C=US
Issuer: CN=<server-name/ip>, OU=Your Unit, O=Your Organization,
L=Your City, ST=MD, C=US
Serial number: 4e20527c
Valid from: Fri Jul 15 10:45:16 EDT 2011 until: Thu Oct 13 10:45:16 EDT 2011
Certificate fingerprints:
MD5: B9:25:A0:89:B9:A3:62:44:38:DD:B7:13:2C:05:C5:8C
SHA1: 3C:F9:54:2D:96:0C:D7:F9:C5:DA:24:54:A3:29:41:98:5E:01:2C:97
Signature algorithm name: SHA1withRSA
Version: 3
. Enter 'yes'
Trust this certificate? [no]: yes
Certificate was added to keystore
- Edit the JBoss config file $JBOSS_HOME/server/server_profile/deploy/jbossweb.sar/server.xml
. Make a copy of the following block of XML:
<!-- SSL/TLS Connector configuration using the admin devl guide keystore
<Connector protocol="HTTP/1.1" SSLEnabled="true"
port="${jboss.web.https.port}" address="${jboss.bind.address}"
scheme="https" secure="true" clientAuth="false"
keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
keystorePass="rmi+ssl" sslProtocol = "TLS" />
-->
. Make the following changes:
<Connector protocol="HTTP/1.1" SSLEnabled="true"
port="${jboss.web.https.port}" address="${jboss.bind.address}"
scheme="https" secure="true" clientAuth="false"
keystoreFile="${user.home}/jboss_as_keys/keystore.jks"
keystorePass="password"
truststoreFile="${user.home}/jboss_as_keys/cacerts.jks"
truststorePass="password"
sslProtocol = "TLS" />
. Disable unencrypted http/8080 access to the server by commenting out the following:
<!--
<Connector protocol="HTTP/1.1" port="${jboss.web.http.port}"
address="${jboss.bind.address}"
redirectPort="${jboss.web.https.port}" />
-->
- Set up port forwarding for port 443 to 8443 via iptables. Use the following iptables commands, replacing $IPADDR with the IP of your web server:
# iptables -t nat -A OUTPUT --destination localhost -p tcp --dport 443 -j REDIRECT --to-ports 8443
# iptables -t nat -A OUTPUT --destination $IPADDR -p tcp --dport 443 -j REDIRECT --to-ports 8443
# iptables -t nat -A PREROUTING --destination $IPADDR -p tcp --dport 443 -j REDIRECT --to-ports 8443
# /etc/init.d/iptables save
# /etc/init.d/iptables restart
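
A check for the server.xml edits described above, as an added example that is not part of the original tutorial: it strips XML comments, then reports any HTTP/1.1 connector that is still active without SSLEnabled, an HTTPS connector with no keystoreFile, and a keystorePass left at one of the sample values shown on this page. The function names and the sample file are constructed for illustration.

```shell
# Added example (constructed names): strip XML comments so disabled connectors are skipped.
strip_comments() {
  awk '{
    line = $0; out = ""
    while (length(line) > 0) {
      if (in_c) {
        i = index(line, "-->")
        if (i == 0) break
        line = substr(line, i + 3); in_c = 0; continue
      }
      i = index(line, "<!--")
      if (i == 0) { out = out line; break }
      out = out substr(line, 1, i - 1); line = substr(line, i + 4); in_c = 1
    }
    print out
  }' "$1"
}

# Print one finding per line for active HTTP/1.1 connectors; exit status 1 if any.
audit_connectors() {
  strip_comments "$1" | awk '
    function finding(msg) { print msg; bad++ }
    { text = text " " $0 }
    END {
      n = split(text, parts, "<Connector")
      for (i = 2; i <= n; i++) {
        tag = parts[i]; sub(/>.*/, "", tag)
        if (tag !~ /protocol="HTTP\/1\.1"/) continue
        if (tag !~ /SSLEnabled="true"/) { finding("plain HTTP connector is active"); continue }
        https++; if (tag !~ /keystoreFile="[^"]+"/) finding("HTTPS connector has no keystoreFile")
        if (tag ~ /keystorePass="(password|rmi\+ssl)"/) finding("keystorePass is a sample value")
      }
      if (!https) finding("no active HTTPS connector")
      exit (bad > 0)
    }'
}

# Constructed sample: HTTPS connector added, HTTP connector not yet commented out.
sample_before() {
  cat <<'EOF'
<Connector protocol="HTTP/1.1" port="${jboss.web.http.port}" />
<!-- <Connector protocol="HTTP/1.1" SSLEnabled="true" keystorePass="rmi+ssl" /> -->
<Connector protocol="HTTP/1.1" SSLEnabled="true"
   keystoreFile="${user.home}/jboss_as_keys/keystore.jks" keystorePass="password" />
EOF
}

tmp=$(mktemp); sample_before > "$tmp"
audit_connectors "$tmp" || echo "server.xml still needs changes"; rm -f "$tmp"
```

Run `audit_connectors` against the real server.xml before restarting JBoss; an empty result with exit status 0 means only the HTTPS connector is active.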