After you obtain the SSL certificate, you must deploy the
certificate to the Content Platform Engine server.
About this task
The keystore that you created in the
JBOSS_HOME/server/server_name/conf
directory is the identity keystore for JBoss. You can use the
Java standard truststore in the
JAVA_HOME/jre/lib/security/cacerts directory
as the truststore for JBoss.
Procedure
To deploy the certificate:
- Edit your JBoss start-up script to start your server with the following JVM argument:
-Djavax.net.ssl.trustStore="server-keystore"
server-keystore is the location of your truststore, such as
JBOSS_HOME/server/server_name/conf/server.keystore.
Tip: The -Djavax.net.ssl.trustStore option is not required if you use
the Java standard truststore for trusted certificates.
- Enable JBoss web for HTTPS.
  - Open the JBOSS_HOME/server/server_name/deploy/jbossweb.sar/server.xml
    file in a text editor.
  - Uncomment and modify the <!-- SSL/TLS Connector
    configuration section as follows:
    <Connector protocol="HTTP/1.1" SSLEnabled="true"
      port="8443" address="${jboss.bind.address}"
      scheme="https" secure="true" clientAuth="false"
      keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
      keystorePass="changeit" sslProtocol="TLS" />
    Tip: You uncomment the code by removing the two lines that contain the beginning comment
    characters "<!--" and the end comment characters "-->".
    Set the value for keystoreFile to the path for the keystore that you created in
    the Creating the keystore on JBoss topic.
- Optional: Verify the configuration by accessing
the JBoss home page and the Content Platform Engine ping
page.
| Page | URL |
| --- | --- |
| Non-secure JBoss home page | http://myHostname:8080 |
| SSL JBoss home page | https://myHostname:8443 |
| Non-secure Content Platform Engine ping page | http://myHostname:8080/FileNet/Engine |
| SSL Content Platform Engine ping page | https://myHostname:8443/FileNet/Engine |
Important: If you use a self-signed certificate, the browser displays a
warning about untrusted sites or certificates. This warning is expected. If you use a certificate
from a certificate authority, you do not receive warnings.
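
A check of the server.xml edit from the procedure that can run before JBoss is restarted, as an added example (not IBM or JBoss code): it confirms that an SSL connector is active rather than still commented out, and flags a keystorePass left at the Java default changeit. The function name and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: minimal server.xml holding the Connector shown in the procedure.
CONFIGURED = """<Server><Service name="jboss.web">
  <Connector protocol="HTTP/1.1" port="8080" address="${jboss.bind.address}" />
  <Connector protocol="HTTP/1.1" SSLEnabled="true"
    port="8443" address="${jboss.bind.address}"
    scheme="https" secure="true" clientAuth="false"
    keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
    keystorePass="changeit" sslProtocol="TLS" />
</Service></Server>"""

# Constructed sample: the SSL connector is still inside its comment block.
STILL_COMMENTED = """<Server><Service name="jboss.web">
  <Connector protocol="HTTP/1.1" port="8080" address="${jboss.bind.address}" />
  <!-- SSL/TLS Connector configuration
  <Connector protocol="HTTP/1.1" SSLEnabled="true" port="8443"
    scheme="https" secure="true" clientAuth="false" />
  -->
</Service></Server>"""


def audit_ssl_connector(server_xml_text):
    """Return a list of findings about the HTTPS connector; empty means no issue found."""
    root = ET.fromstring(server_xml_text)
    # The parser discards comments, so a connector that was never uncommented is invisible.
    ssl = [c for c in root.iter("Connector")
           if c.get("SSLEnabled", "").lower() == "true"]
    if not ssl:
        return ["no active SSLEnabled connector (section still commented out?)"]
    findings = []
    for conn in ssl:
        port = conn.get("port", "?")
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append(f"port {port}: scheme/secure are not https/true")
        if not conn.get("keystoreFile"):
            findings.append(f"port {port}: keystoreFile is not set")
        # "changeit" is the well-known Java keystore default, not a secret.
        if conn.get("keystorePass") in (None, "", "changeit"):
            findings.append(f"port {port}: keystorePass is missing or the default")
        if conn.get("sslProtocol") != "TLS":
            findings.append(f"port {port}: sslProtocol is not TLS")
    return findings


if __name__ == "__main__":
    for name, text in (("configured", CONFIGURED), ("commented", STILL_COMMENTED)):
        print(name, audit_ssl_connector(text))
```

To check a real installation, pass the contents of JBOSS_HOME/server/server_name/deploy/jbossweb.sar/server.xml to audit_ssl_connector.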