Enabling SSL on JBoss 4.2.0

March 17, 2008

One of the prerequisites for installing and configuring CAS (Central Authentication Service), a popular open-source Single Sign-On solution, is enabling SSL on the web container. This can actually be quite painful, especially for developers who enjoy focusing on the implementation details rather than the infrastructure aspects (that would be me 😉 ).

In this post I present the steps required to enable SSL support in JBoss 4.2.0. JSSE is required (it is bundled with JDK 1.4 or higher).

Little tip: when prompted, use changeit as the password, as it is the default keystore password.

Delete existing certificates

This step is not strictly required, but it helps to get rid of previously created certificates (in case you have been playing around with the keystore). Run the following commands:

keytool -delete -alias localhost
keytool -delete -alias localhost -keystore "C:/Program Files/Java/jdk1.5.0_14/jre/lib/security/cacerts"

The first command removes the certificate with alias localhost from the user keystore; the second deletes the certificate from the system trusted certification repository.

The cacerts file is the system keystore, which stores the CA (Certification Authority) certificates; it can be found at ${java.home}/jre/lib/security/cacerts.
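The two deletions above can be wrapped so that each one first checks that the alias exists, backs up cacerts before touching it, and confirms the entry is gone afterwards. This is an added example, not part of the original post; the function names are hypothetical, and the JDK path, alias and password are the ones used in the post.

```powershell
# Added example, not from the original post. Function names are hypothetical.
$JavaHome  = 'C:/Program Files/Java/jdk1.5.0_14'   # JDK path from the post; adjust to your install
$Keytool   = "$JavaHome/bin/keytool.exe"
$CaCerts   = "$JavaHome/jre/lib/security/cacerts"
$Alias     = 'localhost'
$StorePass = 'changeit'                            # default keystore password noted in the post

function Test-KeystoreAlias {
    param([string]$Keystore)   # empty string = user keystore (.keystore in the user's home)
    $ktArgs = @('-list', '-alias', $Alias, '-storepass', $StorePass)
    if ($Keystore) { $ktArgs += @('-keystore', $Keystore) }
    & $Keytool @ktArgs *> $null    # keytool exits non-zero if the alias or keystore is missing
    return ($LASTEXITCODE -eq 0)
}

function Remove-KeystoreAlias {
    param([string]$Keystore)
    $label = if ($Keystore) { $Keystore } else { 'user keystore' }
    if (-not (Test-KeystoreAlias -Keystore $Keystore)) {
        Write-Host "[$label] alias '$Alias' not present, nothing to delete"
        return
    }
    if ($Keystore) {
        # Keep a timestamped copy so the original CA trust store can be restored.
        $backup = "${Keystore}.$(Get-Date -Format 'yyyyMMddHHmmss').bak"
        Copy-Item -LiteralPath $Keystore -Destination $backup
        Write-Host "[$label] backup written to $backup"
    }
    $ktArgs = @('-delete', '-alias', $Alias, '-storepass', $StorePass)
    if ($Keystore) { $ktArgs += @('-keystore', $Keystore) }
    & $Keytool @ktArgs
    # Re-check: the delete must succeed and the alias must no longer be listed.
    if ($LASTEXITCODE -ne 0 -or (Test-KeystoreAlias -Keystore $Keystore)) {
        throw "[$label] failed to delete alias '$Alias'"
    }
    Write-Host "[$label] alias '$Alias' deleted"
}

Remove-KeystoreAlias -Keystore ''        # user keystore (first command in the post)
Remove-KeystoreAlias -Keystore $CaCerts  # system cacerts (second command in the post)
```

Writing to cacerts under Program Files requires an elevated prompt.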
