DevOps should configure SSL support on WildFly application servers for security reasons. The following steps describe how to configure HTTPS on a local server for the web application:
Step 1:
Generate a keystore and self-signed certificate
Ensure that Java is installed and that JAVA_HOME is set properly, as the JRE keytool will be used for this purpose.
Switch to a command line and execute the following command:
$ keytool -genkey -alias mycert -keyalg RSA -keystore mycert.keystore -validity 365
The command uses some default settings and also prompts the developer to enter additional information, as shown below:
What is your first and last name? [Unknown]: Orestis Pantazos
What is the name of your organizational unit? [Unknown]: Open DevOps
What is the name of your organization? [Unknown]: opendevops.dev
What is the name of your City or Locality? [Unknown]: Athens
What is the name of your State or Province? [Unknown]: Greece
What is the two-letter country code for this unit? [Unknown]: GR
Is CN=Orestis Pantazos, OU=Open DevOps, O=opendevops.dev, L=Athens, ST=Greece, C=GR correct? [no]: yes
Step 2:
The command generates the mycert.keystore file in the folder where you are currently working. Copy it to your WildFly config directory (%JBOSS_HOME%/standalone/config).
Step 3:
Configure the additional WildFly Security Realm
The next step is to configure the new keystore as a server identity for SSL in the WildFly security-realms section of standalone.xml. Insert the following after the <management> tag and inside the <security-realms> tag in the XML file.
<management>
    <security-realms>
        <security-realm name="UndertowRealm">
            <server-identities>
                <ssl>
                    <keystore path="mycert.keystore" relative-to="jboss.server.config.dir" keystore-password="secret" alias="mycert" key-password="secret"/>
                </ssl>
            </server-identities>
        </security-realm>
Step 4:
Configure Undertow Subsystem for SSL
If the default-server is running, add the https-listener to the undertow subsystem:
<subsystem xmlns="urn:jboss:domain:undertow:1.2">
    <server name="default-server">
        <https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/>
Replace only the value UndertowRealm in security-realm="..." of the https-listener with the name of the security realm configured in the previous step.
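Steps 3 and 4 only work together if the https-listener names a realm that exists and that realm carries an SSL keystore. The following check is an added example, not part of the original post: it parses a configuration, verifies that link, and flags keystore passwords written into the file in clear text. The sample XML, its root namespace, the `WEAK` list and the rule that any `${...}` expression counts as externalised are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample built from the Step 3 and Step 4 fragments; the root
# element and its namespace are assumptions, not a complete standalone.xml.
SAMPLE = """<server xmlns="urn:jboss:domain:2.2">
 <management><security-realms>
  <security-realm name="UndertowRealm"><server-identities><ssl>
   <keystore path="mycert.keystore" relative-to="jboss.server.config.dir"
             keystore-password="secret" alias="mycert" key-password="secret"/>
  </ssl></server-identities></security-realm>
 </security-realms></management>
 <profile><subsystem xmlns="urn:jboss:domain:undertow:1.2">
  <server name="default-server">
   <https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/>
  </server></subsystem></profile>
</server>"""

WEAK = {"secret", "changeit", "password"}  # assumed list of placeholder passwords

def local(tag):
    """Strip the XML namespace so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return findings for each https-listener and the realm keystore it uses."""
    root = ET.fromstring(xml_text)
    realms, findings = {}, []
    for realm in (e for e in root.iter() if local(e.tag) == "security-realm"):
        stores = [k for s in realm.iter() if local(s.tag) == "ssl"
                  for k in s if local(k.tag) == "keystore"]
        realms[realm.get("name")] = stores[0] if stores else None
    for lst in (e for e in root.iter() if local(e.tag) == "https-listener"):
        name, ref = lst.get("name"), lst.get("security-realm")
        if ref not in realms:
            findings.append(f"{name}: security-realm {ref!r} is not defined")
            continue
        ks = realms[ref]
        if ks is None:
            findings.append(f"{name}: realm {ref!r} has no <ssl><keystore>")
            continue
        for attr in ("keystore-password", "key-password"):
            value = ks.get(attr, "")
            if value and not value.startswith("${"):  # assumption: ${...} is externalised
                kind = "placeholder" if value.lower() in WEAK else "literal"
                findings.append(f"{ref}: {attr} is a {kind} value stored in clear text")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run against the configuration exactly as written in this post, it reports both password attributes, because `secret` is stored in the file as a literal.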
Step 5:
The SSL port of the current instance is already available for connections at https://localhost:8443/. Otherwise, the SSL port can be changed to 443, the default port number, at the bottom of the file.