SSL Configuration using Verisign
JBOSS Installation : jboss-3.0.8
JDK Installation : jdk1.3
1. Download JSSE from http://www.javasoft.com/products/jsse
2. Copy jcert.jar,jnet.jar and jsse.jar to /lib/ext directory of your JRE
3. Register the JSSE provider in the java.security file in the \lib\security directory of your JRE.
Add the following line in java.security file
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
4.Generate .keyStore File
C:\ssl>keytool -genkey -alias j2ee -keyalg RSA -keystore ./.keystore
Enter keystore password: password
What is your first and last name?
[Unknown]: Prasad
What is the name of your organizational unit?
[Unknown]: IRCTC
What is the name of your organization?
[Unknown]: IRCTC
What is the name of your City or Locality?
[Unknown]: Bangalore
What is the name of your State or Province?
[Unknown]: Karnataka
What is the two-letter country code for this unit?
[Unknown]: IN
Is <CN=Prasad, OU=IRCTC, O=IRCTC, L=Bangalore, ST=Karnataka, C=IN> correct?
[no]: y
Enter key password for <j2ee>
(RETURN if same as keystore password): password
5. Create a local Certificate Signing Request
C:\ssl>keytool -certreq -keyalg RSA -alias j2ee -file j2ee.csr -keystore ./.keystore
Enter keystore password: password
6.Go to http://www.verisign.com and get the SSL Trail ID.You will be getting a certificate by email.
Save it as jboss.cer
7.Installing the Intermediate CA Certificate(note: Also referred to as a SERVER CERT CHAIN)
Go to http://www.verisign.com/support/install/intermediate.html and obtain an Intermediate CA Certificate. Save the certificate as chain.cer
8.Install OPEN SSL Software available at the below mentioned location http://www.slproweb.com/products/Win32OpenSSL.html(Win32OpenSSL-v0.9.7d)
9.Convert jboss.cer to jboss.cer.pem by envoking the following command
C:\ssl>openssl x509 -in jboss.cer -out jboss.cer.pem -outform PEM
10.Convert chain.cer to chain.cer.der by invoking the following command
C:\ssl>openssl x509 -in chain.cer -out chain.cer.der -outform DER
11. Import chain.cer.der to key store by invoking the following command
C:\ssl>keytool -import -alias ugent -file chain.cer.der -keystore ./.keystore
Enter keystore password: password
Owner: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign, OU=VeriSign Internationa
l Server CA - Class 3, OU="VeriSign, Inc.", O=VeriSign Trust Network
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Serial number: 254b8a853842cce358f8c5ddae226ea4
Valid from: Thu Apr 17 05:30:00 IST 1997 until: Tue Oct 25 05:29:59 IST 2011
Certificate fingerprints:
MD5: BC:0A:51:FA:C0:F4:7F:DC:62:1C:D8:E1:15:43:4E:CC
SHA1: C2:F0:08:7D:01:E6:86:05:3A:4D:63:3E:7E:70:D4:EF:65:C2:CC:4F
Trust this certificate? [no]: y
Certificate was added to keystore
12. Import jboss.cer.pem in to the keystore by invoking the following command
C:\ssl>keytool -import -alias j2ee -file jboss.cer.pem -keystore ./.keystore
Enter keystore password: password
keytool error: java.lang.Exception: Failed to establish chain from reply
C:\ssl>keytool -import -alias j2ee1 -file jboss.cer.pem -keystore ./.keystore
Enter keystore password: password
Owner: CN=Prasad, OU=IRCTC, O=IRCTC, L=Bangalore, ST=Karnataka, C=IN
Issuer: OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/reposi
tory/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc"
Serial number: 6dcfc6d63849c3df67a1c8ab638d053f
Valid from: Wed Jun 09 05:30:00 IST 2004 until: Thu Jun 24 05:29:59 IST 2004
Certificate fingerprints:
MD5: 90:58:A1:4D:5A:90:3A:0E:80:1E:3D:E0:A4:90:85:7B
SHA1: 49:77:42:3F:19:99:76:88:4B:DF:92:EC:03:57:97:91:95:8F:B0:FB
Trust this certificate? [no]: y
Certificate was added to keystore
Additional Links :
http://www.lowagie.com/techtips/#ssl
http://www.verisign.com/support/csr/tomcat/v00.html
13.Place the .keystore file in JBoss directory and uncomment the following configuration element in jboss-service.xml of
Jetty SAR deployment descriptor
8443
5
100
30000
2000
/ssl/.keystore
password
password
