There are actually a lot of guides out there on how to make a keystore for JBoss and how to get the certificate signed, but I had to combine all of them to fit our needs.
I reissued the old key, so we already have the tomcat.keystore.
Download the zip from GoDaddy and extract it in the same directory as tomcat.keystore.
## create new key with
# keytool -genkey -alias tomcat -keyalg RSA -keystore keystore.jks
##
# verify integrity of tomcat.keystore
keytool -list -v -keystore tomcat.keystore
# import the intermediate certificate
keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file gd_intermediate.crt
# import the cross certificate
keytool -import -alias cross -keystore tomcat.keystore -trustcacerts -file gd_cross_intermediate.crt
# import our wildcard certificate
keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file _.nsa.gov.crt
If it replies with:
"java.security.cert.CertificateException: Unable to initialize, java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big"
Then the certificate file is too long: there is some crap (\c\r) at the end. Just edit it and make sure
-----END CERTIFICATE-----
is on the last line.
Then re-import, and it should say:
Certificate reply was installed into keystore
Replace the chap8.keystore, and make sure you have the path in server.xml.
Restart JBoss and verify the expiry date on the certificate.
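
An added example, not part of the original post: a shell helper for the lengthTag error above that strips carriage returns and anything outside the BEGIN/END CERTIFICATE markers, then checks the result before re-importing. The function names and the sample file are made up for illustration, and the sample body is a constructed string, not a real certificate.

```shell
#!/bin/sh
# Added example: normalise a PEM certificate file before `keytool -import`.
# Function names are illustrative, not from any tool.

# clean_pem IN OUT: remove carriage returns and trailing blanks, and keep
# only the lines from each BEGIN marker through its END marker.
clean_pem() {
    tr -d '\r' < "$1" | awk '
        { sub(/[ \t]+$/, "") }
        /^-----BEGIN CERTIFICATE-----$/ { inside = 1 }
        inside { print }
        /^-----END CERTIFICATE-----$/ { inside = 0 }
    ' > "$2"
}

# pem_is_clean FILE: succeed only if FILE contains no CR bytes and its
# last line is exactly the END marker.
pem_is_clean() {
    cr=$(tr -cd '\r' < "$1" | wc -c)
    [ "$cr" -eq 0 ] || return 1
    [ "$(tail -n 1 "$1")" = "-----END CERTIFICATE-----" ]
}

# make_sample FILE: write a constructed file with CRLF line endings and
# junk after the END marker (the body is a placeholder, not a certificate).
make_sample() {
    printf '%s\r\n' '-----BEGIN CERTIFICATE-----' \
        'Q09OU1RSVUNURUQtU0FNUExF' \
        '-----END CERTIFICATE-----' > "$1"
    printf '\r\n  \r\n' >> "$1"
}

# Demo on the constructed sample.
tmp=$(mktemp -d)
make_sample "$tmp/raw.crt"
clean_pem "$tmp/raw.crt" "$tmp/fixed.crt"
if pem_is_clean "$tmp/fixed.crt"; then
    echo "fixed.crt ends with the END marker; ready for keytool -import"
fi
rm -rf "$tmp"
```

On a real file, run clean_pem on the downloaded .crt and pass the cleaned copy to the keytool -import command shown earlier.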