Macromedia live cycle 7.2 Manual
71
11
Configuring SSL on JBoss
This chapter describes how to create SSL credentials and configure SSL on the application server to
enhance the security of communication with your application server.
enhance the security of communication with your application server.
The information in this chapter applies to both turnkey and manual installations.
Note:
It is recommended that you complete the installation, configuration and deployment of your
LiveCycle products and ensure that the products are running correctly before configuring SSL on
the application server.
LiveCycle products and ensure that the products are running correctly before configuring SSL on
the application server.
It is important to ensure that the security settings configured on the application server and in the
LiveCycle.ear file are consistent.
LiveCycle.ear file are consistent.
If you have not already enabled SSL in the Data Manager Module (assembled as part of the LiveCycle.ear
file), run Configuration Manager to reconfigure and reassemble the products with SSL enabled, and then
redeploy the LiveCycle.ear file. The SSL password that you specify in Configuration Manager must match
the password that you provide when configuring SSL on the application server. (See
file), run Configuration Manager to reconfigure and reassemble the products with SSL enabled, and then
redeploy the LiveCycle.ear file. The SSL password that you specify in Configuration Manager must match
the password that you provide when configuring SSL on the application server. (See
.)
To configure SSL on the application server, you must perform the following tasks:
●
●
Creating an SSL Credential
To configure SSL on JBoss, you need an SSL credential for authentication. You can use the IBM Key
Management tool that is installed with Java keytool to perform the following tasks to create a credential:
Management tool that is installed with Java keytool to perform the following tasks to create a credential:
●
Create a public/private key pair.
●
Wrap the public key in an X.509 v1 self-signed certificate that is stored as a single-element certificate
chain.
chain.
●
Store the certificate chain and the private key in a new keystore.
The keytool command is typically located in your Java jre/bin directory. You use the command keytool
-genkey to start the keytool and generate the key pair. The keytool command must include several options
and option values, which are listed in the following table. The keytool command is typically located in the
Java jre/bin directory and must include several options and option values, which are listed in the following
table.
-genkey to start the keytool and generate the key pair. The keytool command must include several options
and option values, which are listed in the following table. The keytool command is typically located in the
Java jre/bin directory and must include several options and option values, which are listed in the following
table.
Keytool option
Description
Option value
-alias
The alias of the keystore.
ads-credentials
-keyalg
The algorithm to use to
generate the key pair.
generate the key pair.
RSA
You can use a different algorithm, depending on
your company’s policy.
your company’s policy.