
Change System Properties for SSL Handling in JBoss EAP at runtime

When working with SSL, you can pass all settings as JVM arguments or define them as system properties in standalone.xml/domain.xml. The advantage of system properties is that you can alter them at any time instead of passing them as arguments. This post demonstrates how to handle the essential SSL properties in JBoss using the CLI. Passed as arguments, the settings look like this:

-Djavax.net.debug=ssl
-Djavax.net.ssl.keyStore=clientcertificate.p12
-Djavax.net.ssl.keyStoreType=pkcs12
-Djavax.net.ssl.keyStorePassword=$PASS
-Djavax.net.ssl.trustStore=trusted_certs.jks
-Djavax.net.ssl.trustStoreType=jks
-Djavax.net.ssl.trustStorePassword=$PASS
-Dhttps.protocols="TLSv1,TLSv1.1,TLSv1.2"

Read System property

[standalone@fo-prd02-dc1:12399 /] /system-property=javax.net.ssl.keyStore:read-resource
{
    "outcome" => "success",
    "result" => {"value" => "/opt/six/fo/configuration/prod.jks"}
}

Change System property

[standalone@fo-prd02-dc1:12399 /] /system-property=javax.net.ssl.keyStore:write-attribute(name=value, value="/opt/six/fo/configuration/prod_sl.jks")
{"outcome" => "success"}

Set logging and alter value

[standalone@fo-prd02-dc1:12399 /] /system-property=javax.net.debug:add(value="ssl:handshake:verbose")
{"outcome" => "success"}
# Increase Logging level
[standalone@fo-prd02-dc1:12399 /] /system-property=javax.net.debug:write-attribute(name=value, value="all")
{"outcome" => "success"}

Add System property for supported HTTPS protocols

[standalone@fo-prd02-dc1:12399 /] /system-property=https.protocols:add(value="TLSv1,TLSv1.1,TLSv1.2")
{"outcome" => "success"}
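
The option list at the top of this post contains three kinds of settings worth flagging before they reach production: TLSv1 and TLSv1.1 in https.protocols (both deprecated by RFC 8996), JSSE debug tracing, and store passwords held in system properties. The shell function below is an added example, not part of the original post; the function names and finding labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit JSSE-related -D options.
# Input: one -Dname=value option per line on stdin. Output: one finding per line.

audit_ssl_props() {
    while IFS= read -r line; do
        opt=${line#-D}
        case $opt in *=*) ;; *) continue ;; esac       # skip lines without a value
        name=${opt%%=*}
        value=$(printf '%s' "${opt#*=}" | tr -d '" ')  # drop quotes and spaces
        case $name in
            https.protocols)
                # Versions deprecated by RFC 7568 (SSLv3) and RFC 8996 (TLS 1.0/1.1)
                printf '%s\n' "$value" | tr ',' '\n' | while IFS= read -r proto; do
                    case $proto in
                        SSLv3|TLSv1|TLSv1.1) echo "WEAK_PROTOCOL $name $proto" ;;
                    esac
                done ;;
            javax.net.debug)
                # JSSE debug tracing is for troubleshooting, not steady-state production
                if [ -n "$value" ]; then echo "DEBUG_ENABLED $name $value"; fi ;;
            javax.net.ssl.keyStorePassword|javax.net.ssl.trustStorePassword)
                # Report the property name only, never the password value
                echo "PASSWORD_IN_PROPERTY $name" ;;
        esac
    done
    return 0
}

# Constructed sample input: the option list shown at the top of this post.
sample_opts() {
    cat <<'EOF'
-Djavax.net.debug=ssl
-Djavax.net.ssl.keyStore=clientcertificate.p12
-Djavax.net.ssl.keyStoreType=pkcs12
-Djavax.net.ssl.keyStorePassword=$PASS
-Djavax.net.ssl.trustStore=trusted_certs.jks
-Djavax.net.ssl.trustStoreType=jks
-Djavax.net.ssl.trustStorePassword=$PASS
-Dhttps.protocols="TLSv1,TLSv1.1,TLSv1.2"
EOF
}

sample_opts | audit_ssl_props
```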