一、生成数字签名
1. 生成JKS文件
keytool -genkey -keyalg RSA -alias jbosskey -keystore jbosskey.jks
在win7系统中,该文件的默认路径是 C:\Users\rigid
2. 导出证书
keytool -export -alias jbosskey -file jbosskey.cer -keystore jbosskey.jks
在win7系统中,该文件的默认路径是 C:\Users\rigid
3. 查看jks文件的详情
keytool -list -keystore jbosskey.jks
二、配置JBOSS SSL
1. 拷贝jks和cer文件到%JBOSS_HOME%/server/default/conf下
2. 修改jboss-4.2.3.GA\server\default\deploy\jboss-web.deployer\server.xml
增加
keystoreFile="${jboss.server.home.dir}/conf/jbosskey.jks"
keystorePass="1qazxsw2"
<Connector port="8080" address="${jboss.bind.address}"
maxThreads="250" maxHttpHeaderSize="8192"
emptySessionPath="true" protocol="HTTP/1.1"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" />
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
address="${jboss.bind.address}"
scheme="https" secure="true" clientAuth="false"
keystoreFile="${jboss.server.home.dir}/conf/jbosskey.jks"
keystorePass="1qazxsw2" sslProtocol = "TLS" />