Reputation: 355
I am trying to implement the SSL certificate on the wildfly 19.0.0-Final, running on CentOS centos-release-7-7.1908.0.el7.centos.x86_64 with Java openjdk version "1.8.0_242" OpenJDK Runtime Environment (build 1.8.0_242-b08) OpenJDK 64-Bit Server VM (build 25.242-b08, mixed mode)
I have performed the following steps to map say https://www.example.com domain to my wildfly content payslip
I have my keystore at the following location : /opt/wildfly-19.0.0.Final/standalone/configuration/www.example.com.jks
Adding the certificate to the server, following http://www.mastertheboss.com/jboss-server/jboss-security/complete-tutorial-for-configuring-ssl-https-on-wildfly
Log in to the management CLI with sh /opt/wildfly-19.0.0.Final/bin/jboss-cli.sh and run connect
Then run the following script:
batch
# Configure Server Keystore
/subsystem=elytron/key-store=demoKeyStore:add(path=server.keystore,relative-to=jboss.server.config.dir, credential-reference={clear-text=secret},type=JKS)
# Server Keystore credentials
/subsystem=elytron/key-manager=demoKeyManager:add(key-store=demoKeyStore,credential-reference={clear-text=secret})
# Server keystore Protocols
/subsystem=elytron/server-ssl-context=demoSSLContext:add(key-manager=demoKeyManager,protocols=["TLSv1.2"])
# This is only needed if WildFly uses by default the Legacy security realm
/subsystem=undertow/server=default-server/https-listener=https:undefine-attribute(name=security-realm)
# Store SSL Context information in undertow
/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context,value=demoSSLContext)
run-batch
reload
Now it will add a tls section to the configuration file, which will look like:
<tls>
<key-stores>
<key-store name="demoKeyStore">
<credential-reference clear-text="secret"/>
<implementation type="JKS"/>
<file path="server.keystore" relative-to="jboss.server.config.dir"/>
</key-store>
</key-stores>
<key-managers>
<key-manager name="demoKeyManager" key-store="demoKeyStore">
<credential-reference clear-text="secret"/>
</key-manager>
</key-managers>
<server-ssl-contexts>
<server-ssl-context name="demoSSLContext" protocols="TLSv1.2" key-manager="demoKeyManager"/>
</server-ssl-contexts>
</tls>
Stop wildfly before making changes to the config.
/usr/sbin/wildfly-19.0.0.Final stop
Stopping wildfly:
Change it to:
<tls>
<key-stores>
<key-store name="demoKeyStore">
<credential-reference clear-text="Some1pwD"/>
<implementation type="JKS"/>
<file path="www.example.com.jks" relative-to="jboss.server.config.dir"/>
</key-store>
</key-stores>
<key-managers>
<key-manager name="demoKeyManager" key-store="demoKeyStore">
<credential-reference clear-text="Some1pwD"/>
</key-manager>
</key-managers>
<server-ssl-contexts>
<server-ssl-context name="demoSSLContext" protocols="TLSv1.2" key-manager="demoKeyManager"/>
</server-ssl-contexts>
</tls>
/usr/sbin/wildfly-19.0.0.Final start
I am unable to access the wildfly on https://www.example.com while http://www.example.com is working
Upvotes: 1
Views: 1897
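One way to sanity-check an edited configuration like the one above before restarting is to walk the reference chain (key-store -> key-manager -> server-ssl-context -> https-listener -> socket-binding) and flag every break in it, the legacy protocols, the clear-text passwords, and the port the listener actually binds. The script below is an added example, not code from the asker or from WildFly itself. It runs over a constructed standalone.xml fragment that mirrors the question's tls block; the https-listener and socket-binding elements are assumed to be the stock standalone.xml defaults, and all function names are mine.

```python
"""Added example, not code from the question or from WildFly: a consistency
check over the Elytron <tls> chain and the Undertow https-listener that the
question configures, run on a constructed standalone.xml fragment."""
import os
import re
import xml.etree.ElementTree as ET

LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # a server should not offer these

# Constructed sample in the shape of the asker's config; the listener and
# socket-binding elements are the stock standalone.xml defaults (assumed).
SAMPLE_STANDALONE_XML = """<server>
 <profile>
  <subsystem xmlns="urn:wildfly:elytron:9.0"><tls>
   <key-stores><key-store name="demoKeyStore">
    <credential-reference clear-text="Some1pwD"/><implementation type="JKS"/>
    <file path="www.example.com.jks" relative-to="jboss.server.config.dir"/>
   </key-store></key-stores>
   <key-managers><key-manager name="demoKeyManager" key-store="demoKeyStore">
    <credential-reference clear-text="Some1pwD"/>
   </key-manager></key-managers>
   <server-ssl-contexts>
    <server-ssl-context name="demoSSLContext" protocols="TLSv1.2" key-manager="demoKeyManager"/>
   </server-ssl-contexts>
  </tls></subsystem>
  <subsystem xmlns="urn:jboss:domain:undertow:10.0"><server name="default-server">
   <https-listener name="https" socket-binding="https" ssl-context="demoSSLContext"/>
  </server></subsystem>
 </profile>
 <socket-binding-group name="standard-sockets">
  <socket-binding name="https" port="${jboss.https.port:8443}"/>
 </socket-binding-group>
</server>"""

def _local(tag):
    """Element tag without its {namespace} prefix."""
    return tag.rsplit("}", 1)[-1]

def _by_name(root, tag):
    """Map name attribute -> element for every element with local tag `tag`."""
    return {el.get("name"): el for el in root.iter() if _local(el.tag) == tag}

def _clear_text(el):
    """True when the element carries a clear-text <credential-reference> child."""
    return any(_local(c.tag) == "credential-reference" and c.get("clear-text") for c in el)

def _port(expr):
    """'${jboss.https.port:8443}' -> 8443; literal '443' -> 443; anything else -> None."""
    m = re.fullmatch(r"\$\{[^:}]+:(\d+)\}|(\d+)", expr.strip())
    return int(m.group(1) or m.group(2)) if m else None

def check_tls_config(xml_text, config_dir=None):
    """Return findings prefixed MISSING, WEAK, PORT or PLAINTEXT (empty list = consistent)."""
    root = ET.fromstring(xml_text)
    key_stores = _by_name(root, "key-store")
    key_managers = _by_name(root, "key-manager")
    ssl_contexts = _by_name(root, "server-ssl-context")
    bindings = _by_name(root, "socket-binding")
    out = []
    # key-store: how its password is stored and whether the file it names exists
    for name, ks in key_stores.items():
        if _clear_text(ks):
            out.append(f"PLAINTEXT key-store {name} keeps its password clear-text in standalone.xml")
        f = next((c for c in ks if _local(c.tag) == "file"), None)
        if f is None:
            out.append(f"MISSING key-store {name} has no <file> element")
        elif config_dir and not os.path.isfile(os.path.join(config_dir, f.get("path", ""))):
            out.append(f"MISSING key-store {name} file {f.get('path')!r} not found in {config_dir}")
    # key-manager -> key-store (its credential-reference is the private-key password)
    for name, km in key_managers.items():
        if km.get("key-store") not in key_stores:
            out.append(f"MISSING key-manager {name} -> unknown key-store {km.get('key-store')!r}")
        if _clear_text(km):
            out.append(f"PLAINTEXT key-manager {name} keeps its key password clear-text")
    # server-ssl-context -> key-manager, plus protocol hygiene
    for name, sc in ssl_contexts.items():
        if sc.get("key-manager") not in key_managers:
            out.append(f"MISSING server-ssl-context {name} -> unknown key-manager {sc.get('key-manager')!r}")
        weak = set((sc.get("protocols") or "").split()) & LEGACY_PROTOCOLS
        if weak:
            out.append(f"WEAK server-ssl-context {name} enables {sorted(weak)}")
    # https-listener -> server-ssl-context, and the port the listener really binds
    for name, ln in _by_name(root, "https-listener").items():
        ctx = ln.get("ssl-context")
        if ctx not in ssl_contexts:
            out.append(f"MISSING https-listener {name} -> ssl-context {ctx!r} (None = legacy security-realm)")
        sb = bindings.get(ln.get("socket-binding"))
        port = _port(sb.get("port", "")) if sb is not None else None
        if port is None:
            out.append(f"MISSING https-listener {name} socket-binding cannot be resolved to a port")
        elif port != 443:
            out.append(f"PORT https-listener {name} binds {port}; https://host/ with no port means 443")
    return out

if __name__ == "__main__":
    for line in check_tls_config(SAMPLE_STANDALONE_XML):
        print(line)
```

To run it against a real server, pass the contents of standalone.xml and the configuration directory: `check_tls_config(open(path).read(), config_dir="/opt/wildfly-19.0.0.Final/standalone/configuration")`. Two of its findings are worth reading carefully on a setup like the question's: the stock https socket-binding is 8443, so https://www.example.com with no port only reaches the listener if something forwards 443 to it, and the key-manager's credential-reference is the password of the private-key entry inside the JKS, which must match what keytool set for that entry, not just the store password.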
Reputation: 151
It's possible to obtain certificates from Let's Encrypt using the WildFly CLI. Take a look at the following blog post that describes how to do this:
There's also additional documentation in Section 4.3.6 here:
https://docs.wildfly.org/19/WildFly_Elytron_Security.html#configure-ssltls
Note that to make use of a new certificate without needing to restart the server, you just need to re-initialize your key-manager (e.g., /subsystem=elytron/key-manager=httpsKM:init()).
Upvotes: 1