/
Switching from HTTP to HTTPS (JBoss)

Switching from HTTP to HTTPS (JBoss)

Owned by Mahisha Chandrakumar CTOO (Unlicensed)
Last updated: Oct 13, 2020

 Prerequisites
The following table gives the prerequisite information that has to be complied before switching from HTTP to HTTPS for JBoss:

S.No

Dependency

Comments

1

JAVA 

This has to be installed previously.

2

JBoss Server EAP (7+)

This has to be installed previously.

3

Setting up the provided environment variables for java



Perform the following steps in order to switch from HTTP to HTTPS for JBoss: 
 
Step - 1 Creating a keystore file 
1. Open the command prompt and enter the following command:

keytool -genkey -alias jboss -keyalg RSA -keystore canvascertificate.cert


2. Enter the keystore and key password details for generating the keystore file. Here, the keystore is saved as canvascertificate.cert


Step – 2: Configuring JBoss for using keystore file — SSL config
 
File Location: <JBoss EAP 7.x Installed folder>\standalone\configuration\standalone.xml
  1. Add the following security realms data within the security realms tag:

Make sure that you mention the Keystore file path in Keystore path Field. Here, jboss/standalone/configuration folder is mentioned.
  

<security-realms>
            <security-realm name="ssl-realm"> // "ssl-realm" is an user defined name
                <server-identities>
                    <ssl>
                        <keystore path="canvascertificate.cert" relative-to="jboss.server.config.dir" keystore-password="canvas" alias="jboss" key-password="canvas"/>
                    </ssl>
                </server-identities>
            </security-realm>


2. Comment the following command line inside the <subsystem xmlns="urn:jboss:domain:undertow:9.0> element in order to disable the default HTTP configuration:

<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>

3. Add the following command line inside the <subsystem xmlns="urn:jboss:domain:undertow:9.0> element in order to enable the HTTPS configuration.

<subsystem xmlns="urn:jboss:domain:undertow:9.0>
 
<https-listener name="https" socket-binding="https" security-realm="ssl-realm" enable-http2="true"/>

Make sure that you mention the security realm name in security-realm field.


 4. Make sure that you mention the security realm details in between urn:jboss:domain:remoting tag.

<subsystem xmlns="urn:jboss:domain:remoting:4.0">
            <http-connector name="http-remoting-connector" connector-ref="https" security-realm="ssl-realm"/>
        </subsystem>


5. You can change your HTTPS default port if required. Here, 9129 is chosen to be as the port number.

<socket-binding name="https" port="${jboss.https.port:9129}"/>

 
Step – 3: Accessing the Application
Start JBoss service and try to access https://localhost:9129. You will see JBosss local home page with https enabled.