7.2. Implement SSL Encryption for the JBoss EAP 6 Web Server

Introduction

Many web applications require a SSL-encrypted connection between clients and server, also known as a HTTPS connection. You can use this procedure to enable HTTPS on your server or server group.

Prerequisites

  • You need a set of SSL encryption keys and a SSL encryption certificate. You may purchase these from a certificate-signing authority, or you can generate them yourself using command-line utilities. To generate encryption keys using Red Hat Enterprise Linux utilities, refer to Section 7.3, “Generate a SSL Encryption Key and Certificate”.
  • You need to know the following details about your specific environment and set-up:
    • The full directory name and path to your certificate files
    • The encryption password for your encryption keys.
  • You need to run the Management CLI and connect it to your domain controller or standalone server.

Note

This procedure uses commands appropriate for a JBoss EAP 6 configuration that uses a managed domain. If you use a standalone server, modify Management CLI commands by removing the /profile=default from the beginning of any Management CLI commands.

Procedure 7.1. Configure the JBoss Web Server to use HTTPS

  1. Add a new HTTPS connector.

    Execute the following Management CLI command, changing the profile as appropriate. This creates a new secure connector, called HTTPS, which uses the https scheme, the https socket binding (which defaults to 8443), and is set to be secure.

    Example 7.1. Management CLI Command

    /profile=default/subsystem=web/connector=HTTPS/:add(socket-binding=https,scheme=https,protocol=HTTP/1.1,secure=true)
    
  2. Configure the SSL encryption certificate and keys.

    Execute the following CLI commands to configure your SSL certificate, substituting your own values for the example ones. This example assumes that the keystore is copied to the server configuration directory, which is EAP_HOME/domain/configuration/ for a managed domain.

    Example 7.2. Management CLI Command

    /profile=default/subsystem=web/connector=HTTPS/ssl=configuration:add(name=https,certificate-key-file="${jboss.server.config.dir}/keystore.jks",password=SECRET, key-alias=KEY_ALIAS)
    
    For a full listing of parameters you can set for the SSL properties of the connector, refer to Section 7.4, “SSL Connector Reference”.
  3. Deploy an application.

    Deploy an application to a server group which uses the profile you have configured. If you use a standalone server, deploy an application to your server. HTTP requests to it use the new SSL-encrypted connection.