I didn't know about this until recently, but inexpensive SSL certificates ($30 USD / year) can be used. P.s. I am not affiliated with GoDaddy. If you find other cheap and trusted CA, feel free to post in the comments.
I was a bit skeptical about whether the root certificate is trusted in the browser and in various OS's. Of the machines i tried, it seems to work fine. So below is a brief end to end instructions on how to enable your Rights Management ES instance (jboss) using a trusted CA signed certificate.
Step 1: Generate java keystore
Step 2: Generate certificate request
Step 3: purchase a Standard SSL certificate
Follow instructions provided by the CA, and paste certificate signing request when requested.
Step 4: importing the various certificates into your java keystore
After successfully purchasing a certificate, you will be sent a set of certificates. A root, a chain, an intermediate, and your site certificate. Follow the instructions below to import the certificates into your keystore.
Step 5: update server.xml
First copy the .keystore into a known location. I used JBOSS_HOME\server\all\conf. Then update the server.xml located at JBOSS_HOME\server\all\deploy\jbossweb-tomcat55.sar as below.
