How to create a new self-signed certificate for JBoss?

Document ID : KB000013338
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

The self-signed certificate we are using for JBoss has expired. How to create a new self-signed certificate for JBoss?

Answer:

In the example below, I will change the password to "P@ssw0rd" (without the quotes). 

The old password, by default when installed, is "secret" (without the quotes). If you have changed this, you will need to use the password you changed it to. 

1) Stop JBoss 

 

2) In a command prompt, navigate to <jboss>\server\default\deploy\IdentityMinder.ear\custom\ppm\truststore 

 

3) Change The Keystore password: 

keytool -storepasswd -new P@ssw0rd -keystore ssl.keystore 

When prompted with "Enter keystore password:" enter "secret" (without the quotes). 

 

4) Change The Key Password: 

keytool -keypasswd -alias entm -new P@ssw0rd -keystore ssl.keystore 

When prompted with "Enter keystore password:" "P@ssw0rd" (without the quotes). 

When prompted with "Enter key password for <entm>:" enter "secret" (without the quotes). 

 

5) Configure JBoss To Use The New Password: 

Edit <jboss>\server\default\deploy\jboss-web.deployer\server.xml and find: 

<Connector SSLEnabled="true" URIEncoding="UTF-8" clientAuth="false" emptySessionPath="true" keyAlias="entm" keystoreFile="C:\jboss-4.2.3.GA\server\default\deploy\IdentityMinder.ear\custom\ppm\truststore\ssl.keystore" keystorePass="secret" maxThreads="150" port="18443" protocol="HTTP/1.1" scheme="https" secure="true" server="PIM" sslProtocols="TLSv1,TLSv1.1,TLSv1.2"/> 

 

Find keystorePass="secret", and replace "secret" with "P@ssw0rd" 

 

6) Start JBoss