DEV Community

Cover image for šŸ›  Setup WildFly SSL
Orestis Pantazos
Orestis Pantazos

Posted on • Edited on

šŸ›  Setup WildFly SSL

#devops #java #security

DevOps should configure SSL support on WildFly application servers for security reasons. The following steps describe how to configure HTTPS on local server for the web application:

Step 1:

Generate a keystore and self-signed certificate

Ensure that Java is installed and setup on JAVA_HOME properly as JRE keytool will be used for this purpose.

Switch to a command-line and execute the following command as shown below:

$ keytool -genkey -alias mycert -keyalg RSA -keystore mycert.keystore -validity 365

The aforementioned command has some default sets, and also prompts the developer to enter additional information as shown below:

What is your first and last name?
  [Unknown]:  Orestis Pantazos
What is the name of your organizational unit?
  [Unknown]:  Open DevOps
What is the name of your organization?
  [Unknown]:  opendevops.dev
What is the name of your City or Locality?
  [Unknown]:  Athens
What is the name of your State or Province?
  [Unknown]:  Greece
What is the two-letter country code for this unit?
  [Unknown]:  GR
Is CN=Orestis Pantazos, OU=Open DevOps, O=opendevops.dev, L=Athens, ST=Greece, C=GR correct?
  [no]:  yes
Enter fullscreen mode Exit fullscreen mode

Step 2:

The command generates mycert.keystore file in the folder that you are currently working. Copy this to your WildFly config directory (%JBOSS_HOME%/standalone/config)

Step 3:

Configure the additional WildFly Security Realm

The next step is to configure the new keystore as a server identity for SSL in the WildFly security-realms section of the standalone.xml. You can insert the source code after <management> tag and also inside <security-realms> tag in the XML file.

<management>
    <security-realms>
        <security-realm name="UndertowRealm">
            <server-identities>
                <ssl>
                    <keystore path="mycert.keystore" relative-to="jboss.server.config.dir" keystore-password="secret" alias="mycert" key-password="secret"/>
                </ssl>
            </server-identities>
        </security-realm>
Enter fullscreen mode Exit fullscreen mode

Step 4:

Configure Undertow Subsystem for SSL

If the default-server is running, add the https-listener to the undertow subsystem:

<subsystem xmlns="urn:jboss:domain:undertow:1.2">
    <server name="default-server">
        <https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/>
Enter fullscreen mode Exit fullscreen mode

Replace only the word UndertowRealm with the previous one for https listener in the given namespace into security-realm="...".

Step 5:

SSL port of the current instance is already for connection in https://localhost:8443/. Otherwise, the SSL port can be changed to 443 as default port number in the end/bottom of the file.

Source:
https://opendevops.dev/setup-wildfly-ssl/

Top comments (0)

Read next

rengond profile image

Efficiently Handling High Concurrency with AWS Lambda SnapStart: A Step-by-Step Guide

Renaldi -

jignect_technologies profile image

Rest Assured Basics: A Beginner's Guide to Automated API Testing in Java

JigNect Technologies -

idsulik profile image

Introducing Helm CEL: A More Expressive Way to Validate Your Helm Charts

Suleiman Dibirov -

realnamehidden1_61 profile image

Java Stream.distinct()

realNameHidden -