🛠 Setup WildFly SSL
Orestis Pantazos

DevOps teams should configure SSL support on WildFly application servers for security reasons. The following steps describe how to configure HTTPS on a local server for a web application:

Step 1:

Generate a keystore and self-signed certificate

Ensure that Java is installed and JAVA_HOME is set properly, as the JRE keytool will be used for this purpose.

Switch to a command line and execute the following command:

$ keytool -genkey -alias mycert -keyalg RSA -keystore mycert.keystore -validity 365

The command uses some default settings and prompts for additional information, as shown below:

What is your first and last name?
  [Unknown]:  Orestis Pantazos
What is the name of your organizational unit?
  [Unknown]:  Open DevOps
What is the name of your organization?
  [Unknown]:  opendevops.dev
What is the name of your City or Locality?
  [Unknown]:  Athens
What is the name of your State or Province?
  [Unknown]:  Greece
What is the two-letter country code for this unit?
  [Unknown]:  GR
Is CN=Orestis Pantazos, OU=Open DevOps, O=opendevops.dev, L=Athens, ST=Greece, C=GR correct?
  [no]:  yes

Step 2:

The command generates the mycert.keystore file in your current working directory. Copy it to your WildFly config directory (%JBOSS_HOME%/standalone/config).

Step 3:

Configure the additional WildFly Security Realm

The next step is to configure the new keystore as a server identity for SSL in the security-realms section of WildFly's standalone.xml. Insert the following XML after the <management> tag, inside the <security-realms> element of the file.

<management>
    <security-realms>
        <security-realm name="UndertowRealm">
            <server-identities>
                <ssl>
                    <keystore path="mycert.keystore" relative-to="jboss.server.config.dir" keystore-password="secret" alias="mycert" key-password="secret"/>
                </ssl>
            </server-identities>
        </security-realm>

Step 4:

Configure Undertow Subsystem for SSL

If the default-server is running, add the https-listener to the undertow subsystem:

<subsystem xmlns="urn:jboss:domain:undertow:1.2">
    <server name="default-server">
        <https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/>

In the https-listener, change only the value of security-realm="..." so that it names the realm defined in the previous step (UndertowRealm).
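
A consistency check for Steps 3 and 4, added here as an example and not part of the original post: it parses a standalone.xml and reports any https-listener whose security-realm does not name a realm that carries an SSL keystore. The function names and the minimal file skeleton around the two fragments are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's two fragments inside a minimal, assumed file skeleton.
SAMPLE = """<server>
 <management><security-realms>
  <security-realm name="UndertowRealm">
   <server-identities><ssl>
    <keystore path="mycert.keystore" relative-to="jboss.server.config.dir"
              keystore-password="secret" alias="mycert" key-password="secret"/>
   </ssl></server-identities>
  </security-realm>
 </security-realms></management>
 <profile><subsystem xmlns="urn:jboss:domain:undertow:1.2">
  <server name="default-server">
   <https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/>
  </server>
 </subsystem></profile>
</server>"""

def find_all(root, name):
    """Elements under root with this tag name, ignoring the XML namespace version."""
    return [el for el in root.iter() if el.tag.rsplit("}", 1)[-1] == name]

def check_https_config(xml_text):
    """Return a list of findings; an empty list means listener and realm line up."""
    root = ET.fromstring(xml_text)
    realms = {}  # realm name -> keystore element of its <ssl> identity, or None
    for realm in find_all(root, "security-realm"):
        ssl = [s for si in find_all(realm, "server-identities") for s in find_all(si, "ssl")]
        keystores = [k for s in ssl for k in find_all(s, "keystore")]
        realms[realm.get("name")] = keystores[0] if keystores else None
    findings = []
    listeners = find_all(root, "https-listener")
    if not listeners:
        findings.append("no https-listener in the undertow subsystem")
    for lst in listeners:
        realm = lst.get("security-realm")
        if realm not in realms:
            findings.append(f"https-listener {lst.get('name')!r}: realm {realm!r} is not defined")
        elif realms[realm] is None:
            findings.append(f"realm {realm!r}: no <ssl> keystore server identity")
        elif not realms[realm].get("path"):  # file-based keystore, as on this page
            findings.append(f"realm {realm!r}: keystore has no path")
    return findings

if __name__ == "__main__":
    print(check_https_config(SAMPLE) or "https-listener and security realm are consistent")
```

To check a real installation, pass the contents of standalone.xml to check_https_config instead of SAMPLE.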

Step 5:

The current instance now accepts SSL connections at https://localhost:8443/. Alternatively, the SSL port can be changed to 443, the default port number, at the bottom of the file.

Source:
https://opendevops.dev/setup-wildfly-ssl/
