Enabling HTTPS in JBoss EAP 5, Using Self-Signed Certificate

Surprisingly by default JBoss EAP (at least version 5) comes with HTTPS disabled. Here is how to enable it:

  1. Open this file in editor: $JBOSS_HOME/server//deploy/jbossweb.sar/server.xml
  2. Find section looking like the following and uncomment it:



  3. Note the keystorePass=”foobar” part. This defines the password you will need in the next steps. And no, it’s not foobar, you will see something else in your config file
  4. Run this command and answer all the questions. Use the same “foobar” password for the certificate when prompted. Since we’re building a self-signed certificate it doesn’t really matter what you’re entering, just make sure the alias matches your web server name.

    keytool -genkey -alias -keyalg RSA -keystore keystore.jks -storepass foobar -validity 1360 -keysize 2048

  5. After you answer all question you will find file called keystore.jks in your current directory. Copy this file to $JBOSS_HOME/server/all/conf/chap8.keystore (i.e. give the file new name)
  6. Restart the server
  7. After restart you can access your server on port 8443 (see the server.xml file configuration above to change it)


One more note: if you see something like this:

14:59:11,400 ERROR [JSSESocketFactory] Failed to load keystore type JKS with path .../server/all/conf/chap8.keystore due to Keystore was tampered with, or password was incorrect

This most probably means the password you entered while generating the certificate doesn’t match the password in server.xml file.

Leave a Reply