Switching from HTTP to HTTPS (JBoss)
- Mahisha Chandrakumar CTOO (Unlicensed)
 Prerequisites
The following table gives the prerequisite information that has to be complied before switching from HTTP to HTTPS for JBoss:
S.No | Dependency | Comments |
1 | JAVAÂ | This has to be installed previously. |
2 | JBoss Server EAP (7+) | This has to be installed previously. |
3 | Setting up the provided environment variables for java |
Perform the following steps in order to switch from HTTP to HTTPS for JBoss:Â
Â
Step - 1 Creating a keystore fileÂ
1. Open the command prompt and enter the following command:
keytool -genkey -alias jboss -keyalg RSA -keystore canvascertificate.cert
2. Enter the keystore and key password details for generating the keystore file. Here, the keystore is saved as canvascertificate.cert
Step – 2: Configuring JBoss for using keystore file — SSL config
Â
File Location: <JBoss EAP 7.x Installed folder>\standalone\configuration\standalone.xml
 1. Add the following security realms data within the security realms tag:
Make sure that you mention the Keystore file path in Keystore path Field. Here, jboss/standalone/configuration folder is mentioned.
 Â
<security-realms>             <security-realm name="ssl-realm"> // "ssl-realm" is an user defined name                 <server-identities>                     <ssl>                         <keystore path="canvascertificate.cert" relative-to="jboss.server.config.dir" keystore-password="canvas" alias="jboss" key-password="canvas"/>                     </ssl>                 </server-identities>             </security-realm>
2. Comment the following command line inside the <subsystem xmlns="urn:jboss:domain:undertow:9.0> element in order to disable the default HTTP configuration:
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
3. Add the following command line inside the <subsystem xmlns="urn:jboss:domain:undertow:9.0>Â element in order to enable the HTTPS configuration.
<subsystem xmlns="urn:jboss:domain:undertow:9.0> Â <https-listener name="https" socket-binding="https" security-realm="ssl-realm" enable-http2="true"/>
Make sure that you mention the security realm name in security-realm field.
 4. Make sure that you mention the security realm details in between urn:jboss:domain:remoting tag.
<subsystem xmlns="urn:jboss:domain:remoting:4.0"> Â Â Â Â Â Â Â Â Â Â Â Â <http-connector name="http-remoting-connector" connector-ref="https" security-realm="ssl-realm"/> Â Â Â Â Â Â Â Â </subsystem>
5. You can change your HTTPS default port if required. Here, 9129 is chosen to be as the port number.
<socket-binding name="https" port="${jboss.https.port:9129}"/>
Â
Step – 3: Accessing the Application
Start JBoss service and try to access https://localhost:9129. You will see JBosss local home page with https enabled. 