I've been using a self-signed certificate to test an SSL connection from JBoss. One reference I found, http://www.ja-sig.org/wiki/display/CASUM/HOWTO+Configure+JBoss+for+HTTPS, stated I should be running JBoss with the option -Djavax.net.ssl.trustStore="<C:/yourServerLocation>/server/default/conf/server.keystore" and also have the server.keystore declared in the server.xml file under the 8443 section.
I've found that the command line option overrides the JVM cacerts file, meaning that certificates stored in the JVM security cacerts won't be found and an SSL handshake exception occurs when accessing pages requiring those certificates. I tried storing those certificates in the server.keystore but the JVM couldn't read them.
I later found that the command line option is not necessary for JBoss but can be used to specify the location of the JVM certificates if not in the default location. JBoss seems perfectly happy to use what's in the server.xml declaration.
Bottom line - there appears to be a lot of confusion as to how to set up JBoss for SSL and the relationship to the JVM certificates. What I would really like to do is just use a single keystore for all certificates independent of the current JVM and JBoss versions. Any suggestions?
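A diagnostic for the override described in the post, as an added example that is not part of the original post: it lists the trust anchors the JVM's default trust manager actually uses and reports which entries of the JVM's own cacerts file are no longer trusted. The class name TrustStoreCheck is hypothetical, and the code assumes cacerts lives at lib/security/cacerts under java.home and still has the default password "changeit".

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.net.ssl.*;

public class TrustStoreCheck {
    // Trust anchors the JVM's default TrustManagerFactory will actually use.
    static Set<Certificate> effectiveAnchors() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // null = javax.net.ssl.trustStore if set, otherwise the JVM's jssecacerts/cacerts
        tmf.init((KeyStore) null);
        Set<Certificate> anchors = new HashSet<Certificate>();
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                anchors.addAll(Arrays.asList(((X509TrustManager) tm).getAcceptedIssuers()));
            }
        }
        return anchors;
    }

    // Certificates shipped in the JVM's own cacerts file, read directly from disk.
    static Set<Certificate> jvmCacerts(char[] password) throws Exception {
        File f = new File(System.getProperty("java.home"), "lib/security/cacerts"); // assumed location
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(f);
        try { ks.load(in, password); } finally { in.close(); }
        Set<Certificate> certs = new HashSet<Certificate>();
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) certs.add(ks.getCertificate(alias));
        }
        return certs;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("javax.net.ssl.trustStore = " + System.getProperty("javax.net.ssl.trustStore"));
        Set<Certificate> effective = effectiveAnchors();
        Set<Certificate> missing = jvmCacerts("changeit".toCharArray()); // assumed default password
        missing.removeAll(effective); // what the override has dropped from the trust set
        System.out.println("effective trust anchors: " + effective.size());
        System.out.println("JVM cacerts entries NOT trusted: " + missing.size());
        for (Certificate c : missing) {
            System.out.println("  " + ((X509Certificate) c).getSubjectX500Principal().getName());
        }
    }
}
```

Run it once with the same -Djavax.net.ssl.trustStore option passed to JBoss and once without it; the difference in the "NOT trusted" count shows what the option removed from the trust set.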