How to add an issued certificate to the JBOSS SSL keystore


Article ID: 35702




CA Virtual Privilege Manager, CA Privileged Identity Management Endpoint (PIM), CA Privileged Access Manager (PAM)



Many users want or need to replace the default SSL certificate in the JBoss keystore because of requirements or restrictions in their environment. The task becomes difficult when certain keytool options are left out or the correct process is not followed, which results in a multitude of errors and a process that takes longer than it should.




    1. Create a new ssl.keystore with the alias entm in it.
      keytool -genkey -alias entm -keyalg RSA -keystore ssl.keystore -storepass SSLKEYSTORE_PASSWORD -dname  



    2. Generate a certificate request.
      keytool -certreq -keyalg RSA -alias entm -keystore ssl.keystore -file CERT_REQUEST_FILENAME.csr
      Send the CSR to the Certificate team.



    3. Once the signed certificate is back, import the root CA certificate first.
      keytool -import -keystore ssl.keystore -alias rootCA -file ROOT_CA_CERT_FILENAME.cer



    4. Then import the intermediate CA certificate, if there is one.
      keytool -import -keystore ssl.keystore -alias intermediateCA -file INTERMEDIATE_CA_CERT_FILENAME.cer



    5. Then import the machine certificate.
      keytool -import -alias entm -keystore ssl.keystore -file MACHINE_CERT_FILENAME.cer



    6. Start JBoss and voilà.
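
Before starting JBoss, it is worth confirming that the machine certificate in step 5 replaced the self-signed certificate on the entm key entry instead of landing as a separate trusted entry. The following is an added example, not part of the original article: a shell function that classifies the entm entry from `keytool -list -v` output. The function names, status strings and sample listing are constructed for illustration.

```shell
# Added example. Reads `keytool -list -v` output on stdin and classifies the
# entm entry: ok | still-self-signed | no-private-key | missing (exit 0 only for ok).
entm_chain_status() {
  awk -v want="entm" '
    { sub(/\r$/, "") }                        # tolerate CRLF output on Windows
    /^Alias name: /  { alias = tolower(substr($0, 13)); cert = 0 }
    alias != want    { next }                 # skip the rootCA/intermediateCA entries
    /^Entry type: /  { type = substr($0, 13) }
    /^Certificate chain length: / { len = substr($0, 27) + 0 }
    /^Certificate\[1\]:/  { cert = 1 }        # leaf certificate of the chain
    /^Certificate\[[2-9]/ { cert = 2 }        # issuer certificates further up
    cert == 1 && /^Owner: /  { owner  = substr($0, 8) }
    cert == 1 && /^Issuer: / { issuer = substr($0, 9) }
    END {
      if (type == "")                 { print "missing"; exit 1 }
      # trustedCertEntry: the reply went into a keystore without the entm key
      if (type != "PrivateKeyEntry")  { print "no-private-key"; exit 1 }
      # chain of 1 with Owner == Issuer: still the certificate from step 1
      if (len < 2 || owner == issuer) { print "still-self-signed"; exit 1 }
      print "ok"
    }'
}

# Constructed listing, trimmed to the lines the parser reads (not real output).
# $1 = chain length, $2 = issuer of the entm certificate
sample_listing() {
  cat <<EOF
Alias name: rootca
Entry type: trustedCertEntry

Owner: CN=Example Root CA
Issuer: CN=Example Root CA

Alias name: entm
Entry type: PrivateKeyEntry
Certificate chain length: $1
Certificate[1]:
Owner: CN=pim.example.test
Issuer: $2
EOF
  if [ "$1" -gt 1 ]; then
    printf 'Certificate[2]:\nOwner: %s\nIssuer: CN=Example Root CA\n' "$2"
  fi
}

# Real use: keytool -list -v -keystore ssl.keystore | entm_chain_status
sample_listing 3 'CN=Example Intermediate CA' | entm_chain_status
```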


      Additional Information:






      Release: ACP1M005900-12.6-Privileged Identity Manager