DevOps should configure SSL support on WildFly application servers for security reasons. The following steps describe how to configure HTTPS on a local server for the web application:
Generate a keystore and self-signed certificate
Ensure that Java is installed and that JAVA_HOME is set up properly, as the JRE keytool will be used for this purpose.
Open a command line and execute the following command:
$ keytool -genkey -alias mycert -keyalg RSA -keystore mycert.keystore -validity 365
The command uses some default settings and also prompts the developer to enter additional information, as shown below:
What is your first and last name?
What is the name of your organizational unit?
  [Unknown]: Profile Software
What is the name of your organization?
What is the name of your City or Locality?
What is the name of your State or Province?
What is the two-letter country code for this unit?
Is CN=localhost, OU=Profile Software, O=profilesw.com, L=Athens, ST=Greece, C=GR correct?
The command generates the mycert.keystore file in the folder in which you are currently working. Copy it to your WildFly config directory (
Configure the additional WildFly Security Realm
The next step is to configure the new keystore as a server identity for SSL in the WildFly security-realms section of standalone.xml. You can insert the source code after the <management> tag and inside the <security-realms> tag in the XML file.
<management>
    <security-realms>
        <security-realm name="UndertowRealm">
            <server-identities>
                <ssl>
                    <keystore path="mycert.keystore" relative-to="jboss.server.config.dir" keystore-password="secret" alias="mycert" key-password="secret"/>
                </ssl>
            </server-identities>
        </security-realm>
Configure Undertow Subsystem for SSL
If the default-server is running, add the https-listener to the undertow subsystem:
<subsystem xmlns="urn:jboss:domain:undertow:1.2">
    <server name="default-server">
        <https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/>
Replace only the word UndertowRealm with the previous one for the https listener in the given namespace into
The SSL port of the current instance is already available for connection at https://localhost:8443/. Otherwise, the SSL port can be changed to 443, the default port number, at the bottom of the file.
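The following check is an added example, not part of the original tutorial or of WildFly itself: it parses a standalone.xml and reports any https-listener whose security-realm is undefined or has no keystore, and flags keystore passwords left at sample values such as the "secret" used above. The embedded document, the https2 listener and the placeholder list are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's two fragments merged into a minimal document,
# plus a second listener ("https2", hypothetical) that points at an undefined realm.
SAMPLE = """<server>
 <management><security-realms>
  <security-realm name="UndertowRealm"><server-identities><ssl>
   <keystore path="mycert.keystore" relative-to="jboss.server.config.dir"
             keystore-password="secret" alias="mycert" key-password="secret"/>
  </ssl></server-identities></security-realm>
 </security-realms></management>
 <subsystem xmlns="urn:jboss:domain:undertow:1.2"><server name="default-server">
  <https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/>
  <https-listener name="https2" socket-binding="https" security-realm="MissingRealm"/>
 </server></subsystem>
</server>"""

PLACEHOLDERS = {"secret", "changeit", "password"}  # assumed list of sample/default values


def elements(root, name):
    """Return an iterator over elements by local name, ignoring the XML namespace."""
    return (e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name)


def check_https_config(xml_text):
    """Return findings for each https-listener and the security realm it references."""
    root = ET.fromstring(xml_text)
    # realm name -> its <keystore> element, or None when the realm has no SSL identity
    keystores = {r.get("name"): next(elements(r, "keystore"), None)
                 for r in elements(root, "security-realm")}
    findings = []
    for lst in elements(root, "https-listener"):
        name, realm = lst.get("name"), lst.get("security-realm")
        if realm not in keystores:
            findings.append(f"{name}: security-realm '{realm}' is not defined")
        elif keystores[realm] is None:
            findings.append(f"{name}: realm '{realm}' has no <ssl><keystore> identity")
        else:
            for attr in ("keystore-password", "key-password"):
                if keystores[realm].get(attr) in PLACEHOLDERS:
                    findings.append(f"{name}: {attr} in '{realm}' is a placeholder value")
    return findings


if __name__ == "__main__":
    print("\n".join(check_https_config(SAMPLE)) or "no findings")
```

Run it against the edited standalone.xml before restarting the server; an empty result means every HTTPS listener resolves to a realm with a keystore identity and no listed placeholder password.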