Saturday, April 18, 2015

HTTPS in Wildfly

Create a certificate store (file name wildfly.jks) in the configuration directory. Add both the CA root public certificate and the SSL certificate (including its private key, as in PKCS#12 format).

Add a security-realm to the security-realms section.

        <security-realms>
...
            <security-realm name="SslRealm">
                <server-identities>
                    <ssl>
                        <keystore path="wildfly.jks" relative-to="jboss.server.config.dir" keystore-password="secret4jks" alias="alias-of-ssl-certificate" key-password="secret4certificate"/>
                    </ssl>
                </server-identities>
            </security-realm>
        </security-realms>

Add an https-listener that refers to the previously defined security-realm.

        <subsystem xmlns="urn:jboss:domain:undertow:1.2">
            <buffer-cache name="default"/>
            <server name="default-server">
                <http-listener name="default" socket-binding="http" max-parameters="5000"/>
                <https-listener name="default-ssl" socket-binding="https" security-realm="SslRealm"/>
...
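
The two steps above only work together if the listener's security-realm attribute names a realm that actually carries an SSL keystore. The following check is an added example, not part of the original post: it parses a configuration and reports every https-listener whose realm is missing or has no keystore. The function names, the trimmed sample document, its root namespace version, and the `broken-ssl` / `MissingRealm` entries are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed standalone.xml with the page's names, plus one
# deliberately broken listener ("broken-ssl") that names an undefined realm.
SAMPLE = """<server xmlns="urn:jboss:domain:2.2">
  <security-realms>
    <security-realm name="SslRealm">
      <server-identities><ssl>
        <keystore path="wildfly.jks" relative-to="jboss.server.config.dir"
                  keystore-password="secret4jks" alias="alias-of-ssl-certificate"
                  key-password="secret4certificate"/>
      </ssl></server-identities>
    </security-realm>
  </security-realms>
  <subsystem xmlns="urn:jboss:domain:undertow:1.2">
    <server name="default-server">
      <https-listener name="default-ssl" socket-binding="https" security-realm="SslRealm"/>
      <https-listener name="broken-ssl" socket-binding="https" security-realm="MissingRealm"/>
    </server>
  </subsystem>
</server>"""

def local(tag):
    """Drop the '{namespace}' prefix so the check ignores schema versions."""
    return tag.rsplit("}", 1)[-1]

def check_https_config(xml_text):
    """Return one message per https-listener whose realm cannot serve TLS."""
    root = ET.fromstring(xml_text)
    realms = {}  # realm name -> its <ssl><keystore> element, or None
    for realm in (e for e in root.iter() if local(e.tag) == "security-realm"):
        realms[realm.get("name")] = next(
            (k for s in realm.iter() if local(s.tag) == "ssl"
             for k in s if local(k.tag) == "keystore"), None)
    problems = []
    for lst in (e for e in root.iter() if local(e.tag) == "https-listener"):
        name, realm = lst.get("name"), lst.get("security-realm")
        if realm not in realms:
            problems.append(f"{name}: security-realm {realm!r} is not defined")
        elif realms[realm] is None:
            problems.append(f"{name}: realm {realm!r} has no <ssl><keystore>")
        elif not realms[realm].get("path"):  # assumes a file-based keystore
            problems.append(f"{name}: keystore in {realm!r} has no path")
    return problems

if __name__ == "__main__":
    for line in check_https_config(SAMPLE) or ["every https-listener is backed by a keystore"]:
        print(line)
```

To run it against a real server, pass the contents of its standalone.xml to `check_https_config` instead of `SAMPLE`.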
