How to configure SSL in OutSystems Platform with JBoss 7.1.1 AS or JBoss EAP 6.2

The OutSystems Platform for JBoss AS 7 / JBoss EAP 6.2 already comes prepared to quickly add an SSL certificate.

In a nutshell what you need to do is:

1) add the certificate to the keystore
2) activate the SSL connector

This post will explain step by step what needs to be done.

1) In a shell using the root user type the following commands to setup your environment to use the correct tools:

   source /etc/sysconfig/outsystems
   export PATH=$PATH:$JAVA_HOME/bin

2) go to the jboss configuration directory:

    cd $JBOSS_HOME/standalone/configuration/

3) add your certificate to the outsystems keystore (the default password is outsystems)

     keytool -genkey -keyalg RSA -alias $(hostname) -keystore server.keystore -storepass outsystems -validity 360 -keysize 2048

The above command will create a self-signed certificate with the same name as the server hostname and add it to the outsystems keystore ( server.keystore ). You may want to add your own certificate, and for that you may need other keytool commands. Refer to this article for a list of useful commands.

Note that self-signed certificates will not be accepted by browsers / applications, so you may need to take further measures if using this command for full functionality. We advise you to install a properly signed certificate.

4) enable the SSL connector. Open the standalone-outsystems.xml file, find the following configuration:

<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true" enabled="false">

remove the enabled="false" attribute:

<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true" >

You may also need to change the <ssl> sub element if you are using a different keystore (with another password), or if you have added several certificates you may need to add a key-alias attribute to identify which certificate to use.

5) restart jboss

    service jboss-outsystems restart

You should now be able to connect to your server via https.

Best regards,
Ricardo Silva