[jboss-user] [Installation, Configuration & DEPLOYMENT] - HOWTO: create self signed certificate authority and server c

djangofan do-not-reply at jboss.com
Mon Nov 24 20:34:26 EST 2008


I created a HOWTO doc for creating a self signed certificate authority and server cert for JBoss.   Here is the link to my blog, which describes this:

http://codingathome.blogspot.com/

----------------

Here is the ROUGH content:

Here is how I created my own CA (certificate authority) and used it to enable SSL connectivity in JBoss Tomcat with a WILDCARD server certificate.

0. Prerequisites: The openssl package and JDK 1.5+ should be installed on the machine you will use to manage your certificates or create the certificate requests.

1. c:\OpenSSL> mkdir myCA
2. cd myCA
3. mkdir private ( note: myCA/private is the directory where our private keys are placed. Be sure that you set restrictive permissions to all your private keys so that they can be read only by the CA owner. If anyone steals your private keys, then things get really bad. )
4. mkdir certs
5. copy c:\OpenSSL\bin\openssl.cfg c:\OpenSSL\myCA\openssl.my.cfg . On line 35 or so of the new openssl.my.cfg, change the [ CA_default ] settings to the following (the three lines marked CHANGE THIS are the ones that differ from the stock file):


[ CA_default ]
dir             = .                      # <--CHANGE THIS
certs           = $dir/certs
crl_dir         = $dir/crl
database        = $dir/index.txt
#unique_subject = no
new_certs_dir   = $dir/newcerts
certificate     = $dir/certs/myCA.crt    # <--CHANGE THIS
serial          = $dir/serial
#crlnumber      = $dir/crlnumber
crl             = $dir/crl.pem
private_key     = $dir/private/myCA.key  # <--CHANGE THIS
RANDFILE        = $dir/private/.rand
x509_extensions = usr_cert

6. cd c:\OpenSSL\myCA
7. C:\OpenSSL\myCA> openssl req -config openssl.my.cfg -new -x509 -extensions v3_ca -keyout private/myCA.key -out certs/myCA.crt -days 3650 (note: when this one asks you for your name you can use, for example, "mysecretCA.org". The name you choose doesn't really matter, because the cert will be imported into a web browser as a root cert, so the name doesn't need to resolve: in this case it validates locally and internally.)
8. cd c:\OpenSSL\myCA\certs
9. c:\OpenSSL\myCA\certs> keytool -genkey -alias tomcat -keyalg RSA -keystore my.keystore -validity 365 -storepass changeit
10. c:\OpenSSL\myCA\certs> keytool -v -certreq -alias tomcat -keystore my.keystore -file myreq.csr
11. cd c:\OpenSSL\myCA
12. c:\OpenSSL\myCA> openssl ca -config openssl.my.cfg -policy policy_anything -out certs/wildcard.crt -infiles certs/myreq.csr
13. cd C:\OpenSSL\my_jungle\myCA\certs
14. C:\OpenSSL\my_jungle\myCA\certs> keytool -import -alias root -keystore my.keystore -trustcacerts -file myCA.crt -storepass changeit
15. C:\OpenSSL\my_jungle\myCA\certs> keytool -import -alias tomcat -keystore my.keystore -trustcacerts -file wildcard.crt -storepass changeit
16. C:\OpenSSL\my_jungle\myCA\certs> keytool -list -v -keystore my.keystore
17. Finally, to load the server certificate in JBoss 4.05, edit the server.xml file in the jboss\server\default\deploy\jbossweb-tomcat55.sar directory and add a connector like this:

<Connector port="443" address="${jboss.bind.address}"
           maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
           emptySessionPath="true"
           scheme="https" secure="true" clientAuth="false"
           compression="force" debug="0"
           keystoreFile="../../bin/my.keystore"
           keystorePass="changeit" sslProtocol = "TLS" />
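As an added example (not the original post's commands), here is the same procedure done with openssl alone on a POSIX shell: openssl req stands in for the keytool steps 9 and 10, the generated config carries the step 5 settings plus the index.txt, serial and newcerts entries that openssl ca expects to exist, and a second function checks that the issued cert chains to the CA and that the wildcard actually covers the hostname JBoss will be reached at. The CA directory, the mysecretCA.org name and the *.example.com wildcard are assumptions.

```shell
# Added example, not from the original post: the same CA + wildcard cert procedure
# with openssl alone (openssl req stands in for keytool steps 9-10), plus the chain
# and hostname checks a practitioner wants. Paths, names and *.example.com are assumed.
set -eu

make_ca_and_wildcard_cert() {           # $1 = CA directory, $2 = wildcard name
  dir=$1; wildcard=$2
  mkdir -p "$dir/private" "$dir/certs" "$dir/newcerts"
  chmod 700 "$dir/private"              # private keys readable by the CA owner only
  : > "$dir/index.txt"; echo 01 > "$dir/serial"
  # the [ CA_default ] settings from step 5, plus the sections openssl ca/req need
  cat > "$dir/openssl.my.cfg" <<EOF
[ ca ]
default_ca       = CA_default
[ CA_default ]
dir              = $dir
new_certs_dir    = \$dir/newcerts
database         = \$dir/index.txt
serial           = \$dir/serial
certificate      = \$dir/certs/myCA.crt
private_key      = \$dir/private/myCA.key
default_md       = sha256
default_days     = 365
x509_extensions  = usr_cert
[ policy_anything ]
commonName       = supplied
[ usr_cert ]
basicConstraints = CA:FALSE
subjectAltName   = DNS:$wildcard
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage         = critical,keyCertSign,cRLSign
[ req ]
distinguished_name = dn
prompt           = no
[ dn ]
CN               = mysecretCA.org
EOF
  # step 7: self-signed CA;  steps 9-10: server key + CSR;  step 12: CA signs the CSR
  openssl req -config "$dir/openssl.my.cfg" -new -x509 -extensions v3_ca -newkey rsa:2048 -nodes -keyout "$dir/private/myCA.key" -out "$dir/certs/myCA.crt" -days 3650 2>/dev/null
  openssl req -config "$dir/openssl.my.cfg" -new -newkey rsa:2048 -nodes -subj "/CN=$wildcard" -keyout "$dir/private/server.key" -out "$dir/certs/myreq.csr" 2>/dev/null
  openssl ca -batch -config "$dir/openssl.my.cfg" -policy policy_anything -out "$dir/certs/wildcard.crt" -infiles "$dir/certs/myreq.csr" >/dev/null 2>&1
}

verify_wildcard_cert() {                # $1 = CA directory, $2 = hostname JBoss is reached at
  openssl verify -CAfile "$1/certs/myCA.crt" "$1/certs/wildcard.crt" >/dev/null 2>&1 || return 1
  openssl x509 -in "$1/certs/wildcard.crt" -noout -checkhost "$2" | grep -q 'does match'
}
```

Import myCA.crt and wildcard.crt into the keystore with steps 14 and 15 as before; the subjectAltName is what current browsers match against, so a wildcard only in the CN is no longer enough.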

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4191944#4191944
