Guide to generating a CSR and installing a digital certificate on a system running JBoss
Source: https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=SO6135
Problem
Generate CSR on JBoss
Generate Key on JBoss
Install Certificate on JBoss
Configure JBoss Web Container
Resolution:
Perform the steps below to generate your Key, CSR and Install your certificate:
If you need to run 'keytool' on your system to create and/or import certificates, copy the JSSE jars to $JAVA_HOME/jre/lib/ext.
Step 1: Generate Keystore
keytool -genkey -keyalg RSA -alias tomcat -keystore [keystore name]
For EV certificates, add the option -keysize 2048
Enter keystore password:
Choose a password and enter it when prompted to do so.
What is your first and last name?
[Unknown]: www.mydomain.com (example)
What is the name of your organizational unit?
[Unknown]: IT testing (example)
What is the name of your organization?
[Unknown]: My Company Testing (example)
What is the name of your City or Locality?
[Unknown]: Cape Town (example)
What is the name of your State or Province?
[Unknown]: Western Province (example)
What is the two-letter country code for this unit?
[Unknown]: ZA (example)
Is CN=www.mydomain.com, OU=IT testing, O=My Company Testing, L=Cape Town, ST=Western Province, C=ZA correct?
[no]: yes
Enter key password for <tomcat>
(RETURN if same as keystore password):
NOTE: Please specify the same password for the keystore and the keyEntry or else you will receive the following error message when you restart the jakarta engine: java.security.UnrecoverableKeyException: Cannot recover key
Note that a keystore was created.
Please run: keytool -list -keystore [keystorename] to make sure you can read the keystore file.
The keystore will be stored in your JDK/bin directory. Create a copy of the keystore file and store it on a removable disk for safekeeping in case of a server crash.
Step 2: Generate a CSR from the newly created keystore and key entry:
keytool -certreq -alias tomcat -keyalg RSA -file certreq.csr -keystore [keystorename]
Enter keystore password:
The CSR will be saved to your JDK/bin directory. The request is the block of text that starts and ends with the lines:
-----BEGIN NEW CERTIFICATE REQUEST-----
and
-----END NEW CERTIFICATE REQUEST-----
Step 3: When you receive the certificate, save the VeriSign-signed certificate in a Notepad file named 'cert', for example.
Step 4: Import the Certificate into the keystore:
keytool -import -alias tomcat -trustcacerts -file cert.txt -keystore [keystorename]
Step 5: Configure Web Container
If using Tomcat - Find the section in the Tomcat server.xml configuration file that starts with, "Uncomment this for SSL support". Uncomment the following section, and insert the location of your server key.
value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
value="8443"/>
value="org.apache.tomcat.net.SSLSocketFactory">
Copy the JSSE jars to your $TOMCAT_HOME/lib directory.
If using Jetty - Find the section in the $JBOSS_JETTY_HOME/conf/jetty/jetty.xml configuration file that starts with, "Uncomment this to add an SSL listener". Uncomment the following section, and insert the location of your server key.
8443
5
255
50000
/etc/server.keystore
changeit
changeit
Start JBoss
Start JBoss and point your browser to https://your-server-name.your-domain:8443/ to test your SSL implementation.
If using "self-signed" certificates, you may have to import your test certificate into your browser.
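Steps 1 and 2 without the interactive prompts, followed by a sanity check of the resulting CSR. This is an added example, not part of the original article. It assumes a JDK keytool on the PATH that supports the :env password modifier, and a password of at least six characters exported in an environment variable named KS_PASS (a name chosen here); the alias and distinguished name are the article's sample values.

```shell
#!/bin/sh
# Added example (not from the article): Steps 1 and 2 non-interactively.
# Assumptions: keytool on PATH; password exported as KS_PASS (hypothetical name).
ALIAS=tomcat
DNAME='CN=www.mydomain.com, OU=IT testing, O=My Company Testing, L=Cape Town, ST=Western Province, C=ZA'

# Step 1 + Step 2. $1 = keystore file, $2 = CSR output file.
make_keystore_and_csr() {
    ks=$1; csr=$2
    [ -n "$KS_PASS" ] || { echo "KS_PASS is not set" >&2; return 2; }
    # One variable feeds both -storepass and -keypass, so the key entry
    # password cannot differ from the keystore password (the cause of
    # "UnrecoverableKeyException: Cannot recover key"). The :env form keeps
    # the password out of the process argument list.
    keytool -genkey -keyalg RSA -keysize 2048 -alias "$ALIAS" \
        -dname "$DNAME" -keystore "$ks" \
        -storepass:env KS_PASS -keypass:env KS_PASS || return 1
    chmod 600 "$ks"    # the keystore holds the private key
    # Same readability check the article asks for after Step 1.
    keytool -list -keystore "$ks" -storepass:env KS_PASS >/dev/null || return 1
    keytool -certreq -alias "$ALIAS" -file "$csr" -keystore "$ks" \
        -storepass:env KS_PASS -keypass:env KS_PASS || return 1
    check_csr "$csr"
}

# Returns 0 only if the file is framed by the BEGIN/END lines shown in Step 2
# and the text between them is base64 that decodes to a DER SEQUENCE (0x30).
check_csr() {
    f=$1
    begin='-----BEGIN NEW CERTIFICATE REQUEST-----'
    end='-----END NEW CERTIFICATE REQUEST-----'
    [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    # Drop CRs (Windows line endings) and blank lines before comparing.
    body=$(tr -d '\r' < "$f" | sed '/^[[:space:]]*$/d')
    [ "$(printf '%s\n' "$body" | sed -n '1p')" = "$begin" ] ||
        { echo "missing BEGIN line" >&2; return 1; }
    [ "$(printf '%s\n' "$body" | sed -n '$p')" = "$end" ] ||
        { echo "missing END line" >&2; return 1; }
    first=$(printf '%s\n' "$body" | sed '1d;$d' | base64 -d 2>/dev/null |
        od -An -tx1 -N1 | tr -d ' \n')
    [ "$first" = "30" ] || { echo "body is not base64-encoded DER" >&2; return 1; }
}
```

Call it as make_keystore_and_csr server.keystore certreq.csr; running check_csr on its own is useful after the CSR has been copied or pasted, since a truncated request is a common reason for a rejected submission.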