In general you have two options to setup SSL/HTTPS support for your server:
In both cases you have to configure keys and (self-signed) certificates for your web server. This guide will briefly explain how to accomplish that for both options.
We will generate a secret key/certificate and store it in a file called a "key store". The certificate is valid for 30 years = 10950 days. The password use for encryption is "secret".
One important issue is the common name (CN) of the certificate. For some reason this is referred to as "first and last name". It should however match the name of the web server, or some browsers like IE will claim the certificate to be invalid although you may have accepted it already.
$ keytool -genkey -alias foo -keyalg RSA -keystore foo.keystore -validity 10950 Enter keystore password: secret Re-enter new password: secret What is your first and last name? [Unknown]: foo.acme.com What is the name of your organizational unit? [Unknown]: Foo What is the name of your organization? [Unknown]: acme corp What is the name of your City or Locality? [Unknown]: Duckburg What is the name of your State or Province? [Unknown]: Duckburg What is the two-letter country code for this unit? [Unknown]: WD Is CN=foo.acme.com, OU=Foo, O=acme corp, L=Duckburg, ST=Duckburg, C=WD correct? [no]: yes Enter key password for <deva> secret (RETURN if same as keystore password): Re-enter new password: secret
Again we will generate a private key and a self-signed certificate. Additionally, you can also export the certificate to a pkcs12 format file.
You can import it into the Windows certificate storage if you have problems with the Internet Explorer.
The above example assumes that you have configured JBoss to use the standard ports 80 (HTTP) and 443 (HTTPS). Accesses to the HTTP port will be redirected HTTPS.