In this extensive tutorial, you will learn how to install an SSL Certificate on JBoss Server. Before the installation, you need to have all the SSL files on your device. For users who don’t have the primary SSL certificate and the private key, we’ve also included a quick guide on how to generate a CSR code on JBoss.

As a bonus, in the latter parts of this article, we’ve added a few interesting tidbits about JBoss, as well as valuable info on where to buy the best SSL Certificate for your JBoss platform.

Generate a CSR Code on JBoss
Install an SSL Certificate on JBoss
Test your Installation
JBoss history and versions
Where to buy an SSL Certificate for JBoss?

Generate a CSR Code on JBoss

CSR or Certificate Signing Request is a small block of encoded text you must create and send to the Certificate Authority (CA). You will provide your website and company details in the CSR, and the CA will use them to validate your SSL request.

Along with the CSR, you will also create your private key. The private key is an essential element of your SSL Certificate. You’ll need it later, during the installation process. Follow the instruction below to generate your private key and CSR code.

Create the Keystore and Private Key

  1. Your first step is to create a keystore for your JBoss Server. A keystore is a repository where you will store your private key. Run the following command to generate a keystore and private key:
    keytool -genkey -alias create_Privatkey_Alias -keyalg RSA -keystore path_and_create_KeystoreFilename.jks –keysize 2048

    Note: You need to specify a Privatekey alias. You will use it for CSR creation and certificate installation. Make sure you remember it.

  2. Next, pick a password for your keystore, and re-enter it. Write it down, or save it on your PC. You will use it during the certificate configuration
  3. Enter your contact details as shown below:
    • What is your first and last name? Common Name (CN): type the FQDN (fully qualified domain name) of the website you want to secure. For instance, com or

      Note: If you have a Wildcard Certificate, add an asterisk in front of your domain. Your common name should look like this: *

    • What is the name of your organizational unit? (OU): indicate the department in charge of SSL management. For example, IT or Web Administration. If you have a Domain Validation certificate, type NA instead
    • What is the name of your organization? (O): enter the official name of your company. For example, Your Company LLC. For a DV certificate, enter NA instead
    • What is the name of your city or locality? (L): specify the city where your company is located. For example, California
    • What is the name of your state or province? (ST): enter the full name of your state where your company is located
    • What is the two-letter country code for this unit? (C): provide the two-letter code of your country. For instance, US. Here you can find the full list of country codes.
  4. Double check your information and type Y then click Enter to confirm your submission
  5. Enter the key password for your Alias. The command will then ask you for the private key password. Press Enter. Your keystore and private key passwords are identical. Make sure you don’t lose them.

Generate the CSR from the keystore

  1. Run the command below:
    keytool -certreq -keyalg RSA -alias your_privatekey_alias -file your_csr_file.csr -keystore your_keystore_filename.jks
  2. Back up your keystore file. You will need it during the installation process
  3. Open your CSR file (.csr) with any text editor such as Notepad, and copy-paste all its contents into your SSL certificate order page.

Depending on the type of your cert, you may have to wait for a few minutes (DV certs) or a couple of business days (EV and BV certs) for it to arrive in your email inbox.

Install an SSL Certificate on JBoss

After you receive the SSL certificate files from your Certificate Authority, you can proceed with the SSL installation.
For this demonstration, we’ll assume you’re using a Tomcat or Jetty servlet.

Prepare your SSL Certificate files

  1. Your CA should send you all the files in a ZIP archive to your email. Download the ZIP archive and extract the SSL files. Make sure you have the following files:
    • The primary SSL certificate in a x509/.cer/.crt/.pem
    • The intermediate SSL Certificate with the .ca-bundle extension
    • The Private Key file with .key extension that you’ve generated on the same server along with your CSR code
  2. Copy the contents of your SSL Certificate including the —–BEGIN CERTIFICATE—– and—–END CERTIFICATE—– tags into a text editor and save the file with .crt
  3. Do the same with your .ca-bundle file. Copy-paste the code into a single file and save it as .crt.

Install the SSL Certificate on JBoss

Import the SSL Certificate into the keystore by running the following command:

keytool -import -alias your_alias_name -trustcacerts -file ssl_certificate.crt -keystore your_keystore_filename

Note: Please, enter the Alias and Keystore names that you’ve used during the CSR and Private Key generation.


  1. Locate the server.xml configuration file and open it
  2. Use the ctrl+F search function and find the “Uncomment this for SSL support” line
  3. Uncomment the following section and add your server key location
    <Connector className="org.apache.tomcat.service.PoolTcpConnector">
    <Parameter name="handler"
    <Parameter name="port"
    <Parameter name="socketFactory"
    value="" />
    <Parameter name="keystore" value="/usr/java/jakarta-tomcat-3.2.2/server.keystore" />
    <Parameter name="keypass" value="changeit" />
  4. Copy the JSSE jars to $TOMCAT_HOME/lib directory.


  1. Locate the part in the $JBOSS_JETTY_HOME/conf/jetty/jetty.xml configuration file that should begin with, “Uncomment this to add an SSL listener”
  2. Uncomment the following part, and insert the location of your server key.
    <Call name="addListener">
    <New class="com.mortbay.HTTP.SunJsseListener">
    <Set name="Port">8443</Set>
    <Set name="MinThreads">5</Set>
    <Set name="MaxThreads">255</Set>
    <Set name="MaxIdleTimeMs">50000</Set>
    <Set name="Keystore"><SystemProperty name="jetty.home" default="."/>/etc/server.keystore</Set>
    <Set name="Password">changeit</Set>
    <Set name="KeyPassword">changeit</Set>
  3. Restart your JBoss server. Congratulations, now you know how to install an SSL Certificate on JBoss.

Test your SSL Installation

After you complete the installation, you need to ensure it runs smoothly. Use one of these powerful SSL tools, to check your SSL Certificate for potential errors. The whole process won’t take more than a few minutes. With almost instant scans and extensive reports, you will get the whole picture of your SSL installation.

JBoss history and versions

JBoss is a subscription-based/open-source Java application server, part of JBoss Enterprise Middleware portfolio of software. Initially developed by JBoss, and currently, by Red Hat, the JBoss Enterprise Application Platform (EAP) offers a wide range of features:

  • Integration and messaging services
  • Web Application Services
  • Caching and clustering
  • Security services
  • Enterprise Java Beans (EJB)
  • Java persistence using Hibernate

JBoss EAP is related to the following products:

  • JBoss Enterprise Web Platform (or JBoss EWP)
  • JBoss Enterprise Portal Platform (or JBoss EPP)
  • JBoss Enterprise Web Server (or JBoss EWS)
  • JBoss Web Framework Kit
  • JBoss Cache (or JBC)
  • JBoss Netty

Listed below are the JBoss EAP-supported versions:

  • Red Hat JBoss Enterprise Application Platform 7.4
  • Red Hat JBoss Enterprise Application Platform 7.2
  • Red Hat JBoss Enterprise Application Platform 7.1
  • Red Hat JBoss Enterprise Application Platform 7.0

Where to buy an SSL Certificate for JBoss?

SSL Dragon is your one-stop place for all your SSL needs. We’ve partnered with the most trusted Certificate Authorities in the industry to offer you affordable SSL products. All our certificates are compatible with JBoss. Whether you want to secure a personal or company website, we’ve got you covered. Below, you will find the types of SSL certificates available at SSL Dragon:

You can choose the ideal SSL Certificate for your project and budget with the help of our handy SSL Wizard and Certificate Filter. The first tool will determine which SSL Certificate is the best for your website, while the latter will sort and compare various certificates by price, validation, and features.

If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.