1. Create a new keystore using the same name and password as the existing one running on the system (note: the CN, which keytool prompts for as the user's first and last name, must be the URL for which the keystore is being created):
keytool -genkey -keyalg RSA -alias tomcat -keystore <keystore_name>.keystore
2. Create a certificate request (CSR):
keytool -certreq -alias tomcat -keyalg RSA -file <cert_request_name>.csr -keystore <keystore_name>.keystore
3. Send the CSR to a CA; in return you will receive the CA's root cert path and the cert for your URL.
4. Import into the keystore the CA's root cert (for the certification path):
keytool -import -file <CA_cert>.crt -keystore <keystore_name>.keystore
5. Import into the keystore the cert that the CA generated in response to the CSR:
keytool -import -alias tomcat -trustcacerts -file <new_cert_from_CA>.crt -keystore <keystore_name>.keystore
6. Copy the resulting keystore into jboss/server/all/conf
7. Modify server.xml by adding the name of the keystore and its password. In your server.xml file, the keystoreFile and keystorePass attributes should look something like the following:
keystoreFile="${jboss.server.home.dir}/conf/lces-ssl.jks" keystorePass="password"
8. Restart JBoss.
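A check worth running between steps 5 and 6, written here as an added example that is not part of the original procedure: it reads the output of `keytool -list -v -alias tomcat -keystore <keystore_name>.keystore` and confirms that the tomcat entry still holds the private key, carries the CA-issued chain rather than the self-signed certificate from step 1, and has the expected CN. The function names, the host www.example.com and both sample listings are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the original procedure.
# Reads `keytool -list -v` output on stdin; $1 is the host expected in the CN.
check_listing() {
    awk -v host="$1" '
        /^Entry type:/               { type = $3 }
        /^Certificate chain length:/ { chain = $4 }
        /^Certificate\[1\]:/         { leaf = 1; next }   # first cert = server cert
        /^Certificate\[[0-9]+\]:/    { leaf = 0 }         # rest of chain = CA certs
        leaf && /^Owner:/            { owner = substr($0, 8) }
        leaf && /^Issuer:/           { issuer = substr($0, 9) }
        END {
            # Simplification: assumes no commas inside the CN value itself.
            n = split(owner, rdn, /, */)
            for (i = 1; i <= n; i++) if (rdn[i] ~ /^CN=/) cn = substr(rdn[i], 4)
            if (type != "PrivateKeyEntry") { print "FAIL: no private key under this alias"; exit 1 }
            if (chain + 0 < 2 || owner == issuer) { print "FAIL: still self-signed, CA reply not attached"; exit 1 }
            if (cn != host) { print "FAIL: CN=" cn " does not match " host; exit 1 }
            print "OK: CN=" cn ", chain length " chain
        }'
}

# Constructed listing: what a successful step 5 looks like.
sample_signed() {
cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=www.example.com, OU=IT, O=Example, L=City, ST=State, C=US
Issuer: CN=Example Test CA, O=Example CA, C=US
Certificate[2]:
Owner: CN=Example Test CA, O=Example CA, C=US
Issuer: CN=Example Test CA, O=Example CA, C=US
EOF
}

# Constructed listing: key pair from step 1 with no CA reply attached.
sample_selfsigned() {
cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.example.com, OU=IT, O=Example, L=City, ST=State, C=US
Issuer: CN=www.example.com, OU=IT, O=Example, L=City, ST=State, C=US
EOF
}
```

Against a real keystore, pipe the keytool listing into `check_listing <host>`; a non-zero exit status means the keystore should not be copied into the JBoss conf directory yet.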