How to SSLize User Application on JBoss using eDirectory's Certificate Authority for Linux

Author Info

10 December 2007 - 5:18pm
Submitted by: ScorpionSting

Here's what you need to do:

  1. Export the eDirectory CA's self-signed certificate, with its private key, to ca.pfx using iManager.
  2. openssl genrsa -des3 -out certificate-key.pem 1024
  3. openssl req -new -key certificate-key.pem -out certificate-req.pem (use your JBoss server's hostname as the Common Name, e.g. servername.domainname.com, and leave the Email field blank).
  4. Issue a TLS/SSL server certificate in DER format through iManager.
  5. openssl x509 -inform DER -outform PEM -in certificate.der -out certificate.pem
  6. openssl pkcs12 -in ca.pfx -out ca.pem
  7. openssl pkcs12 -export -in certificate.pem -inkey certificate-key.pem -certfile ca.pem -out certificate.p12 -name "servername.domainname.com"
  8. Find org.mortbay.jetty.jar (available with eDirectory/IDM install at /opt/novell/eDirectory/lib/dirxml/classes/org.mortbay.jetty.jar) and run each of the following, giving a keystore password of changeit:
  9. java -classpath org.mortbay.jetty.jar org.mortbay.util.PKCS12Import ca.pfx ca.jks
     java -classpath org.mortbay.jetty.jar org.mortbay.util.PKCS12Import certificate.p12 cert.jks

  10. Copy both .jks files to {path_to_userapp}/jboss/server/IDM/conf/
  11. Edit {path_to_userapp}/jboss/server/IDM/deploy/jboss-web.deployer/server.xml adding the following after the "<Connector port="8080"..." entry:
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               address="${jboss.bind.address}"
               maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
               emptySessionPath="true"
               scheme="https" secure="true" clientAuth="false"
               keystoreFile="${jboss.server.home.dir}/conf/ca.jks"
               keystorePass="changeit"
               trustStoreFile="${jboss.server.home.dir}/conf/cert.jks"
               trustStorePass="changeit"
               sslProtocol="TLS" />
  12. Start User App
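
A way to check the PEM files from steps 2 to 7 before they are imported into keystores, as an added example that is not part of the original article. The function names and the 2048-bit threshold are assumptions of this example, and it needs the openssl command line tool; with the files exactly as produced above it reports the 1024-bit key from step 2 and the private key that step 6 writes into ca.pem.

```shell
#!/bin/sh
# Added example: sanity checks for the PEM files produced in steps 2-7.
MIN_RSA_BITS=2048   # assumption: minimum acceptable RSA modulus size

# True if FILE contains any PEM private-key block (plain or encrypted).
contains_private_key() {
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# key_matches_cert KEY CERT [PASSIN]: compare the two public keys.
# PASSIN is an openssl pass-phrase source such as env:KEYPASS or file:path.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -passin "${3:-pass:}" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$cert_pub" ]
}

# chains_to_ca CA_PEM CERT: true if CERT verifies against the CA certificate.
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print the public-key size of CERT in bits.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# audit_bundle KEY CERT CA_PEM [PASSIN]: print findings, return their count.
audit_bundle() {
    findings=0
    if ! key_matches_cert "$1" "$2" "${4:-pass:}"; then
        echo "FAIL: $1 is not the private key for $2"; findings=$((findings + 1))
    fi
    if ! chains_to_ca "$3" "$2"; then
        echo "FAIL: $2 does not verify against $3"; findings=$((findings + 1))
    fi
    bits=$(cert_key_bits "$2")
    if [ "${bits:-0}" -lt "$MIN_RSA_BITS" ]; then
        echo "WARN: $2 has a ${bits:-unknown}-bit key"; findings=$((findings + 1))
    fi
    if contains_private_key "$3"; then
        echo "WARN: $3 holds a private key; restrict access to it"; findings=$((findings + 1))
    fi
    return "$findings"
}

# Usage: sh check-bundle.sh certificate-key.pem certificate.pem ca.pem env:KEYPASS
if [ "$#" -ge 3 ]; then audit_bundle "$@"; fi
```

The pass phrase chosen in step 2 is supplied through an openssl pass-phrase source (for example an environment variable) so it does not appear on the command line.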


© 2009 Novell, Inc. All Rights Reserved.