Is there any way to create a self sign SSL certificate for multiple domains? My environment is jboss-5.1.0.GA.
I already created a self sign SSL certificate for single domain using the following java keytool commands.
keytool -genkey -alias jbosskey -keypass changeit -keyalg RSA -keystore server.keystore
*Answer the prompts. Use myHostname when asked for first/last name
keytool -export -alias jbosskey -keypass changeit -file server.crt -keystore server.keystore
keytool -import -alias jbosscert -keypass changeit -file server.crt -keystore server.keystore
Then I enable SSL in JBOSS server.xml as follows;
<Connector protocol="HTTP/1.1" SSLEnabled="true"
port="7443" address="${jboss.bind.address}"
scheme="https" secure="true" clientAuth="false"
keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
keystorePass="changeit" sslProtocol = "TLS" />
This is working fine. Now I need to add another separate domain name to this certificate.
Please note that this is not a wildcard certificate I’m talking about which support sub domains.
What I need to do is, add totally separate domain names to single keystore file.
P.S.
I’m working on apache + JBOSS environment. The apache server works as a proxy.
I can give separate SSL certificate files in apache httpd-ssl.conf configuration for different domains. But when I come to JBOSS, I’m not sure how to handle it.
If we use apache as a proxy (That means configure ssl in apache), can we ignore SSL from JBOSS?
I tried to ignore entry (keystoreFile="${jboss.server.home.dir}/conf/server.keystore") but it gives an error.
If not is there any way to handle this situation without a SSL certificate that support for multiple domains?
Thanks
If I understand this correctly, you may be able to let your Apache server handle the SSL authentication and then Jboss can ignore the SSL cert if the proxy is handling it upfront (the JBoss design is to allow control/ auth of SSL certs from the deployment, which doesn't sound necessary in this case)
I have a similar setup, whereby a proxy hosted elsewhere deals with the SSL authentication & just forwards the requests through the DMZ to the JBoss server, which can ignore the certs then.