1

I have a wildcard cert from GoDaddy that is installed in our network on a 2008 R2 server running IIS. I have several Windows servers now using this wildcard cert, and importing into IIS was very straightforward. My issue is that I now have a Windows 2008 R2 server running JBoss as its webserver and I need to import this wildcard cert into this webserver. I am unclear which steps to take next. Can someone provide help in importing my wildcard cert into my 5.X JBoss server?

Bill Chapman

2 Answers

1

Well, for one thing, the biggest difference is that JBoss reads the cert from a JKS keystore. So, for your first step you probably need to import your certs into a JKS keystore. See the JBOSS server.xml and there is a config section for the keystore in the SSL connector.

Now that I think about it, you'll need to import the signed cert into the very same keystore (forming a chain) that you used to generate a CSR from when you initially bought your certificate.

There might be another way to do it but that is my experience.

djangofan
  • So I assume I use the “keytool genkey” command? I am unsure of the values or exactly what I am combining. Do I run the command once and point to the .crt and then again and point to the .pfx file building a .keystore file. And then run the import command and point to the .keystore? Thank you for your help. – Bill Chapman May 23 '12 at 20:04
  • No. The command "keytool genkey" is for initially creating the pub and priv key within a keystore. From that you generate a .CSR that you use to buy your certs. Then, when you get the signed reply, you import it into the JKS keystore on top of the private key and it creates a chain. Then, JBoss can read that chain from the keystore if you tell JBoss the keystore password. That's it. – djangofan May 23 '12 at 21:30
1

If you have an existing wildcard cert (the CSR was generated from another host), you will need to download or generate the wildcard cert in PFX format. From here you need to change your server.xml connector node to keystoreType="PKCS12" and point keystoreFile="myCert.pfx". You will also need your keystorePass="mypassword". With that updated, restart JBoss and it should be working.

Adam
  • I spent hours on the phone with the software vendor that couldn't seem to hear me when I said "it's a wildcard cert, thus there is no CSR from this server, as I am not requesting the cert; I already own it and want to use it on multiple servers. That's why I bought a WILDCARD cert." – Bill Chapman Feb 28 '13 at 20:35
  • Exactly what I needed! A whole lot easier than what I thought it would be. Thanks for the knowledge. – dscone Mar 12 '15 at 18:00
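
A pre-restart check for the connector change described in the answer above, as an added example that is not part of the original answers: it parses a server.xml and flags any SSL connector whose keystoreFile is a .pfx/.p12 while keystoreType is not PKCS12. The sample XML is constructed, the function name `check_ssl_connectors` is hypothetical, and the check assumes the connector falls back to JKS when keystoreType is omitted.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a server.xml fragment with one plain and two SSL connectors.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="jboss.web">
    <Connector protocol="HTTP/1.1" port="8080" />
    <Connector protocol="HTTP/1.1" SSLEnabled="true" port="8443"
               scheme="https" secure="true"
               keystoreFile="myCert.pfx" keystorePass="mypassword" />
    <Connector protocol="HTTP/1.1" SSLEnabled="true" port="9443"
               scheme="https" secure="true" keystoreType="PKCS12"
               keystoreFile="myCert.pfx" keystorePass="mypassword" />
  </Service>
</Server>
"""

PKCS12_EXTENSIONS = (".pfx", ".p12")


def check_ssl_connectors(server_xml):
    """Return {port: [problems]} for every connector with SSLEnabled="true"."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector, nothing to check
        problems = []
        ks_file = conn.get("keystoreFile")
        # Assumption: an omitted keystoreType means the connector uses JKS.
        ks_type = conn.get("keystoreType", "JKS").upper()
        if not ks_file:
            problems.append("keystoreFile is not set")
        else:
            is_p12 = ks_file.lower().endswith(PKCS12_EXTENSIONS)
            if is_p12 and ks_type != "PKCS12":
                problems.append(f"{ks_file} is PKCS#12 but keystoreType is {ks_type}")
            if not is_p12 and ks_type == "PKCS12":
                problems.append(f"keystoreType is PKCS12 but {ks_file} is not a .pfx/.p12")
        if not conn.get("keystorePass"):
            problems.append("keystorePass is not set")
        report[conn.get("port", "?")] = problems
    return report


if __name__ == "__main__":
    for port, problems in check_ssl_connectors(SAMPLE_SERVER_XML).items():
        print(port, "OK" if not problems else "; ".join(problems))
```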