Reference: https://community.jboss.org/wiki/JBossAS7SecuringPasswords
What do we need?
- JDK installation
- Setting of JAVA_HOME Environment Variable
- Creation of a KeyStore
- JBoss AS 7.1.x installation
Step 1 JDK Installation
Please go to http://java.com and download the JDK installer for Windows. (Remember that you need the JDK installation and not the JRE.)
I tested this on Windows 7. I downloaded and installed JDK 1.6.0_31 from http://www.oracle.com/technetwork/java/javase/downloads/jdk-6u31-download-1501634.html
I installed JDK6 in c:\Java directory.
Step 2 Setting of JAVA_HOME Environment Variable
I tested this on Windows 7, so your mileage may vary depending on whether you are on XP, Vista, Win7, etc. Please google and you will find instructions for your version of Windows. They are pretty close.
- I went to Control Panel.
- Searched for "Environment".
- Chose "Edit the system environment variables"
- I went into Advanced -> Environment Variables
- I created a new environment variable called JAVA_HOME and set the value to c:\Java\jdk1.6.0_31
- In the PATH environment variable, I appended %JAVA_HOME%\bin; (remember to add ; at the end)
- Run -> cmd
- Type java and you should see a bunch of options rather than "Java is not recognized"
Step 3 Create a Keystore
I created a directory called keystores in c:\
C:\>md keystores
C:\>cd keystores
C:\keystores>keytool
keytool usage:
-certreq [-v] [-protected]
[-alias <alias>] [-sigalg <sigalg>]
[-file <csr_file>] [-keypass <keypass>]
[-keystore <keystore>] [-storepass <storepass>]
[-storetype <storetype>] [-providername <name>]
[-providerclass <provider_class_name> [-providerarg <arg>]] ...
[-providerpath <pathlist>]
-changealias [-v] [-protected] -alias <alias> -destalias <destalias>
[-keypass <keypass>]
[-keystore <keystore>] [-storepass <storepass>]
[-storetype <storetype>] [-providername <name>]
[-providerclass <provider_class_name> [-providerarg <arg>]] ...
[-providerpath <pathlist>]
-delete [-v] [-protected] -alias <alias>
[-keystore <keystore>] [-storepass <storepass>]
[-storetype <storetype>] [-providername <name>]
[-providerclass <provider_class_name> [-providerarg <arg>]] ...
[-providerpath <pathlist>]
-exportcert [-v] [-rfc] [-protected]
[-alias <alias>] [-file <cert_file>]
[-keystore <keystore>] [-storepass <storepass>]
[-storetype <storetype>] [-providername <name>]
[-providerclass <provider_class_name> [-providerarg <arg>]] ...
[-providerpath <pathlist>]
-genkeypair [-v] [-protected]
[-alias <alias>]
[-keyalg <keyalg>] [-keysize <keysize>]
[-sigalg <sigalg>] [-dname <dname>]
[-validity <valDays>] [-keypass <keypass>]
[-keystore <keystore>] [-storepass <storepass>]
[-storetype <storetype>] [-providername <name>]
[-providerclass <provider_class_name> [-providerarg <arg>]] ...
[-providerpath <pathlist>]
-genseckey [-v] [-protected]
[-alias <alias>] [-keypass <keypass>]
[-keyalg <keyalg>] [-keysize <keysize>]
[-keystore <keystore>] [-storepass <storepass>]
[-storetype <storetype>] [-providername <name>]
[-providerclass <provider_class_name> [-providerarg <arg>]] ...
[-providerpath <pathlist>]
-help
-importcert [-v] [-noprompt] [-trustcacerts] [-protected]
[-alias <alias>]
[-file <cert_file>] [-keypass <keypass>]
[-keystore <keystore>] [-storepass <storepass>]
[-storetype <storetype>] [-providername <name>]
[-providerclass <provider_class_name> [-providerarg <arg>]] ...
[-providerpath <pathlist>]
-importkeystore [-v]
[-srckeystore <srckeystore>] [-destkeystore <destkeystore>]
[-srcstoretype <srcstoretype>] [-deststoretype <deststoretype>]
[-srcstorepass <srcstorepass>] [-deststorepass <deststorepass>]
[-srcprotected] [-destprotected]
[-srcprovidername <srcprovidername>]
[-destprovidername <destprovidername>]
[-srcalias <srcalias> [-destalias <destalias>]
[-srckeypass <srckeypass>] [-destkeypass <destkeypass>]]
[-noprompt]
[-providerclass <provider_class_name> [-providerarg <arg>]] ...
[-providerpath <pathlist>]
-keypasswd [-v] [-alias <alias>]
[-keypass <old_keypass>] [-new <new_keypass>]
[-keystore <keystore>] [-storepass <storepass>]
[-storetype <storetype>] [-providername <name>]
[-providerclass <provider_class_name> [-providerarg <arg>]] ...
[-providerpath <pathlist>]
-list [-v | -rfc] [-protected]
[-alias <alias>]
[-keystore <keystore>] [-storepass <storepass>]
[-storetype <storetype>] [-providername <name>]
[-providerclass <provider_class_name> [-providerarg <arg>]] ...
[-providerpath <pathlist>]
-printcert [-v] [-file <cert_file>]
-storepasswd [-v] [-new <new_storepass>]
[-keystore <keystore>] [-storepass <storepass>]
[-storetype <storetype>] [-providername <name>]
[-providerclass <provider_class_name> [-providerarg <arg>]] ...
[-providerpath <pathlist>]
C:\keystores>keytool -alias vault -keyalg RSA -keysize 1024 -keystore vault.keystore
Usage error: no command provided
Try keytool -help
C:\keystores>keytool -genkey -alias vault -keyalg RSA -keysize 1024 -keystore vault.keystore
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: PicketBox Vault
What is the name of your organizational unit?
[Unknown]: PicketBox
What is the name of your organization?
[Unknown]: JBoss
What is the name of your City or Locality?
[Unknown]: Chicago
What is the name of your State or Province?
[Unknown]: IL
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=PicketBox Vault, OU=PicketBox, O=JBoss, L=Chicago, ST=IL, C=US correct?
[no]: yes
Enter key password for <vault>
(RETURN if same as keystore password):
C:\keystores>
C:\keystores>dir
Volume in drive C is
Directory of C:\keystores
03/26/2012 11:58 AM <DIR> .
03/26/2012 11:58 AM <DIR> ..
03/26/2012 11:58 AM 1,359 vault.keystore
That is it.
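Steps 2 and 3 as a PowerShell script (an added example, not part of the original post). The directory, alias and distinguished name come from the transcript above; the 2048-bit key size, the javac.exe check and the icacls lock-down are assumptions added here, and the ACL assumes JBoss runs under the account that runs the script.

```powershell
# Added example: checks JAVA_HOME, then creates the vault keystore.
$ErrorActionPreference = 'Stop'

$KeystoreDir = 'C:\keystores'                      # from the post
$Keystore    = Join-Path $KeystoreDir 'vault.keystore'
$Alias       = 'vault'                             # from the post
$KeySize     = 2048                                # assumption: the transcript uses 1024
$DName       = 'CN=PicketBox Vault, OU=PicketBox, O=JBoss, L=Chicago, ST=IL, C=US'

# Step 2 check: JAVA_HOME must be set and must point at a JDK.
# javac.exe is used here as the marker that this is a JDK and not a JRE.
if (-not $env:JAVA_HOME) { throw 'JAVA_HOME is not set' }
$bin = Join-Path $env:JAVA_HOME 'bin'
foreach ($exe in 'javac.exe', 'keytool.exe') {
    if (-not (Test-Path (Join-Path $bin $exe))) {
        throw "$exe not found in $bin; JAVA_HOME should point at a JDK"
    }
}
$keytool = Join-Path $bin 'keytool.exe'

# Step 3: create the directory and refuse to touch an existing keystore.
if (-not (Test-Path $KeystoreDir)) {
    New-Item -ItemType Directory -Path $KeystoreDir | Out-Null
}
if (Test-Path $Keystore) { throw "$Keystore already exists" }

# -storepass and -keypass are left out on purpose: keytool prompts for them,
# so the passwords never appear on the command line or in shell history.
# -dname answers the name/organization questions shown in the transcript.
& $keytool -genkeypair -alias $Alias -keyalg RSA -keysize $KeySize `
    -dname $DName -keystore $Keystore
if ($LASTEXITCODE -ne 0) { throw "keytool exited with code $LASTEXITCODE" }

# Drop inherited permissions and leave read/write for the current user only.
$account = "${env:USERDOMAIN}\${env:USERNAME}"
& icacls $Keystore /inheritance:r /grant:r "${account}:(R,W)" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls exited with code $LASTEXITCODE" }

# Confirm the entry; keytool prompts for the keystore password again.
& $keytool -list -v -alias $Alias -keystore $Keystore
```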