Andrew Nguyen

Configure JBoss 6 EAP to use SSL for Identity Governance

Blog Post created by Andrew Nguyen on Dec 28, 2016

1. Complete the steps for installing GM on JBoss 6 EAP
2. Make sure the server is not running
3. Run these steps in CMD:

$ keytool -genkey -alias foo -keyalg RSA -keystore foo.keystore -validity 10950

Enter keystore password: secret
Re-enter new password: secret
What is your first and last name?
[Unknown]: foo.acme.com
What is the name of your organizational unit?
[Unknown]: Foo
What is the name of your organization?
[Unknown]: acme corp
What is the name of your City or Locality?
[Unknown]: Duckburg
What is the name of your State or Province?
[Unknown]: Duckburg
What is the two-letter country code for this unit?
[Unknown]: WD
Is CN=foo.acme.com, OU=Foo, O=acme corp, L=Duckburg, ST=Duckburg, C=WD correct?
[no]: yes

Enter key password for <foo>
(RETURN if same as keystore password): secret
Re-enter new password: secret

4. Note that the generated foo.keystore file is saved in the directory CMD was in when you ran the command
5. Open this file in a text editor: standalone-full-ca-gm.xml
6. Search for this line:
<socket-binding name="https" port="8443"/>
and change the port number from 8443 to 443

7. Find this line in the file and comment it out (i.e. <!-- <value> -->):
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>

8. Add this after the commented-out line above:
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" redirect-port="443" />
<connector name="https" scheme="https" protocol="HTTP/1.1" socket-binding="https" enable-lookups="false" secure="true">
    <ssl name="foo-ssl" password="secret" protocol="TLSv1" key-alias="foo" certificate-key-file="C:\jboss-eap-6.0\standalone\configuration\foo.keystore" />
</connector>

9. Note that you should point certificate-key-file above to the full path of your foo.keystore location

10. Make sure you import your server certificate into the Java keystore (e.g. keytool -import -trustcacerts -alias root -file myCreatedCert.crt -keystore cacerts)

11. Start the server and open the URL: https://<server HOSTNAME>/eurekify/portal/loginForm
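
An added example, not part of the original post: a Python check to run over the edited connector and socket-binding entries before starting the server. It verifies what steps 6 to 9 require (matching ports, matching key alias, full keystore path) and flags two settings in the step 8 snippet worth reviewing: protocol="TLSv1", which RFC 8996 deprecates, and the clear-text keystore password. The function name audit, the wrapping <server> element and the sample are constructed here, and treating a password that starts with ${ as a vault or property reference is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the entries this post edits, wrapped in one root element.
# A real standalone-full-ca-gm.xml uses XML namespaces, which audit() strips.
SAMPLE = r"""<server>
  <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" redirect-port="443"/>
  <connector name="https" scheme="https" protocol="HTTP/1.1" socket-binding="https" enable-lookups="false" secure="true">
    <ssl name="foo-ssl" password="secret" protocol="TLSv1" key-alias="foo"
         certificate-key-file="C:\jboss-eap-6.0\standalone\configuration\foo.keystore"/>
  </connector>
  <socket-binding name="http" port="8080"/>
  <socket-binding name="https" port="443"/>
</server>"""

DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996

def audit(xml_text, keystore_alias="foo"):
    """Return a list of findings for the HTTPS connector set up in steps 6-9."""
    root = ET.fromstring(xml_text)
    for el in root.iter():                      # drop namespaces so tag names match
        el.tag = el.tag.split("}")[-1]
    ports = {b.get("name"): b.get("port") for b in root.iter("socket-binding")}
    conns = {c.get("name"): c for c in root.iter("connector")}
    https = conns.get("https")
    ssl = https.find("ssl") if https is not None else None
    if ssl is None:
        return ["no https connector with an <ssl> element"]
    findings = []
    http = conns.get("http")
    if http is not None and http.get("redirect-port") != ports.get(https.get("socket-binding")):
        findings.append("redirect-port does not match the https socket-binding port")
    if ssl.get("key-alias") != keystore_alias:
        findings.append("key-alias differs from the alias passed to keytool")
    path = ssl.get("certificate-key-file", "")
    if not re.match(r"^([A-Za-z]:[\\/]|/)", path):   # drive letter or leading slash
        findings.append("certificate-key-file is not a full path")
    enabled = {p.strip() for p in ssl.get("protocol", "").split(",")}
    if enabled & DEPRECATED:
        findings.append("deprecated protocol enabled: " + ssl.get("protocol"))
    pw = ssl.get("password")
    if pw and not pw.startswith("${"):          # assumption: ${...} is a reference
        findings.append("keystore password is stored in clear text in the config")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```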
