IBM FileNet P8, Version 5.2.1            

Deploying the certificate on JBoss

After you obtain the SSL certificate, you must deploy the certificate to the Content Platform Engine server.

About this task

The keystore that you created in the JBOSS_HOME/server/server_name/conf directory is the identity keystore for JBoss. You can use the Java™ standard truststore in the JAVA_HOME/jre/lib/security/cacerts directory as the truststore for JBoss.

Procedure

To deploy the certificate:

  1. Edit your JBoss start-up script to start your server with the following JVM argument:
    -Djavax.net.ssl.trustStore="server-keystore"
    server-keystore is the location of your truststore, such as JBOSS_HOME/server/server_name/conf/server.keystore.
    Tip: The -Djavax.net.ssl.trustStore option is not required if you use the Java standard truststore for trusted certificates.
  2. Enable JBoss web for HTTPS.
    1. Open the JBOSS_HOME/server/server_name/deploy/jbossweb.sar/server.xml file in a text editor.
    2. Uncomment and modify the <!-- SSL/TLS Connector configuration section as follows:
      <Connector protocol="HTTP/1.1" SSLEnabled="true"
      port="8443" address="${jboss.bind.address}"
      scheme="https" secure="true" clientAuth="false"
      keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
      keystorePass="changeit" sslProtocol = "TLS" />
      Tip: You uncomment the code by removing the two lines that contain the beginning comment characters "<!" and the end comment characters "->".

      Set the value for keystoreFile to the path for the keystore that you created in the Creating the keystore on JBoss topic.

  3. Optional: Verify the configuration by accessing the JBoss home page and the Content Platform Engine ping page.
    Page URL
    Non-secure JBoss home page http://myHostname:8080
    SSL JBoss home page https://myHostname:8443
    Non-secure Content Platform Engine ping page http://myHostname:8080/FileNet®/Engine
    SSL Content Platform Engine ping page https://myHostname:8443/FileNet/Engine
    Important: If you use a self-signed certificate, the browser displays a warning about untrusted sites or certificates. This warning is expected. If you use a certificate from a certificate authority, you do not receive warnings.


Last updated: March 2016
p8pcc371.htm

© Copyright IBM Corporation 2016.