How to configure several SSL certificates in OutSystems Platform with JBoss 7.1.1 AS

How to configure several SSL certificates in OutSystems Platform with JBoss 7.1.1 AS

In some situations you might want to have several hostnames pointing to the same machine.

The simpler solution would be to have a certificate that covers all the addresses used with either a wildcard certificate or alternative common names. In this case you just install this certificate using the instructions in this post.

If you can't have this, you'll need to configure your JBoss installation to use several IP's (and have a different certificate in each). For this you'll need your machine to have several IPs but this configuration is outside the scope of this post and should be handled with your IT. We will also not cover keystore manipulation as it is already covered in this post which keytool to use. This post assumes you have several IPs and the certificates added to your keystore. The simplest configuration would be to have one keystore for each certificate to be used.

Now, on the top-level we need to do the following:

1) add an interface to the jboss configuration file for each IP and for
2) add one socket-binding for each IP and for
3) delete the existing https connector
4) add one connector for each IP and for

Imagining your server has the following IP addresses and and a keystore for each (<ip-address>.keystore), this is what you need to change in the configuration file:

1) In the <interfaces> element, add an interface for each ip and

        <interface name="management">
            <inet-address value="${}"/>
        <interface name="public">
            <inet-address value="${jboss.bind.address:}"/>
        <interface name="unsecure">
            <inet-address value="${jboss.bind.address.unsecure:}"/>
      <!-- NEW INTERFACES HERE -->
        <interface name="ip1">
            <inet-address value=""/>
        <interface name="ip2">
            <inet-address value=""/>
        <interface name="localhost">
            <inet-address value=""/>
2) In the socket-binding-group element, add a binding for each of the above interfaces on port 8443

    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
    <!-- existing bindings Don't delete them. -->
         <socket-binding name="ip1-https" interface="ip1" port="8443"/>
         <socket-binding name="ip2-https" interface="ip2" port="8443"/>
         <socket-binding name="localhost-https" interface="localhost" port="8443"/>

3) and 4) under the <subsystem xmlns="urn:jboss:domain:web:1.1" entity, delete or inactivate the https connector and add the following connectors:

You can use any of the keystores or a specific keystore for the localhost binding.

        <subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
            <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>

            <connector name="https" protocol="HTTP/1.1" scheme="https-ip1" socket-binding="ip1-https" secure="true">
                <ssl password="<PASSWORD>" certificate-key-file="${jboss.server.config.dir}/" ca-certificate-file="${jboss.server.config.dir}/"/>
            <connector name="https-ip2" protocol="HTTP/1.1" scheme="https" socket-binding="ip2-https" secure="true">
                <ssl password="<PASSWORD>" certificate-key-file="${jboss.server.config.dir}/" ca-certificate-file="${jboss.server.config.dir}/"/>
           <connector name="https-localhost" protocol="HTTP/1.1" scheme="https" socket-binding="localhost-https" secure="true">
                <ssl password="<PASSWORD>" certificate-key-file="${jboss.server.config.dir}/" ca-certificate-file="${jboss.server.config.dir}/"/>
            <virtual-server name="default-host" enable-welcome-root="true">
                <alias name="localhost"/>
                <alias name=""/>

After these configuration changes, you'll need to restart jboss:

    service jboss-outsystems restart

Best regards,
Ricardo Silva

What are the options to configure mulitple SSL certificates for Microsoft IIS on Windows 2008 R2?