I think you need to import the trusted root certificate, (possibly any intermediary certs as well) into the Java keystore that JBoss is using. (When running on Linux, only place I have run JBoss, it uses Tomcat to run JBoss in it).
I am not sure where the default Java key store would be for Tomcat. You can use keytool
from any Java JDK install, and import the trusted root that way. The keystore password should be 'default' since there is nothing secret about trusted root public keys.
Sample Keytool syntax might be:
keytool -importcert -keystore Path/to/store -storepass Password (Usually default or changeit) -alias Something -file FileWithPublicKey
To get the trusted root, an easy way is if the same cert is used for an HTTP interface. But I think IE will let you try ldaps://serverIP/ and then in the icon with a lock, you can see certificate details.
There is a tab for the certification chain. The top item is the CA who signed this cert (aka the Root that we need to Trust, to make it a Trusted Root).
If all this is too much, then here is a funny trick! Get the 600K Java based LDAP browser, called LBE and delete the local file lbecacert
then run the LDAP Browser, make a config for your LDAP server, with SSL enabled, and when you first connect it will get the Trusted Root, prompt you to Trust it once, always, or never. Select Always, and exit.
The newly created lbecacert file now has just the one trusted root in it. Cute eh? I use this when I am lazy and it works fine.
Now where should the Tomcat cacerts be? Well it might be sufficient in your JVM install, lib/security to either add the trusted root to the cacerts there, or else replace that file with this one (which is not the best option, since you might want some of those default trusted roots).
Define "correctly". Because jira deletes mails after processing them, I consider it correct enough to monitor the size of the jira mailboxes. If there are mails in those that are older than 10 minutes, or more than 25 mails in total, we consider it a problem and alert.
Best Answer
I got Zabbix to monitor JBoss using the following link.
http://skajla.blogspot.com/2010/07/jboss-monitoring-using-zabbix.html
It basically requires you to enable JMX on your server. Then run his .jar file server-side through UserParameters.
Just make sure your Zabbix Agent has permissions to run the .jar file.
If it returns some garbage values, you may need to change some of JMX parameters, which I had to do.