JBoss Archive

How to configure SSL on JBoss EAP

Create Connector


Create Keystores

keytool -genkey -alias mykey -keyalg RSA -keysize 2048 -dname "CN=myserver.beasys.com, OU=Customer Support, O=BEA Systems Inc, L=Denver, ST=Colorado, C=US" -keypass password -keystore identity.jks -storepass password

keytool -selfcert -v -alias mykey -keypass password -keystore identity.jks -storepass password -storetype jks

keytool -export -v -alias mykey -file rootCA.der -keystore identity.jks -storepass password

keytool -import -v -trustcacerts -alias mykey -file rootCA.der -keystore trust.jks -storepass password

Configure Keystore using CLI

[standalone@localhost:9999 /] /subsystem=web/connector=https/ssl=configuration:add(certificate-key-file=C:/LABS/identity.jks,password=password,key-alias=mykey)
{"outcome" => "success"}

Encrypting password in JBoss EAP

To encrypt a password in JBoss from the command line, follow the steps below. This is particularly useful if you want to encrypt the password for a datasource.

1) export JBOSS_HOME=/pallavi/

2) export CLASSPATH=/pallavi/jboss-eap-6.2/modules/system/layers/base/org/picketbox/main/picketbox-4.0.19.SP2-redhat-1.jar:/pallavi/modules/system/layers/base/org/jboss/logging/main/jboss-logging-3.1.2.GA-redhat-1.jar:$CLASSPATH

3) java org.picketbox.datasource.security.SecureIdentityLoginModule sa

4) Make the following changes in your configuration file (e.g. standalone.xml) under the security subsystem (search for the security:1.2 tag):

<security-domain name="encrypted-h2ds" cache-type="default">
    <authentication>
        <login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
            <module-option name="username" value="sa"/>
            <module-option name="password" value="9fdd42c2a7390d3"/>
            <module-option name="managedConnectionFactoryName" value="jboss.jca:service=LocalTxCM,name=MySqlDS_Pool"/>
        </login-module>
    </authentication>
</security-domain>

5) Now remove the user name and password from the datasource subsystem and add the tag below. Its value must match the name of the security domain defined in step 4:

<security-domain>encrypted-h2ds</security-domain>

6) Now restart the JBoss instance and test the connectivity as below:

[root@localhost ~]# /pallavai/bin/jboss-cli.sh
[disconnected /] connect 10.21.12.235:9999
[standalone@10.21.12.235:9999 /] /subsystem=datasources/data-source=ExampleDS:test-connection-in-pool()
{
"outcome" => "success",
"result" => [true]
}