How to configure SSL in WildFly 10 standalone mode

How to configure SSL in WildFly 10 standalone mode and change default ssl port to 443?

Important: From WildFly 8 onwards Web subsystem is replaced by Undertow subsystem.

 You can use any profile listed below.

1) standalone.xml
2) standalone-full.xml
3) standalone-full-ha.xml
4) standalone-ha.xml

NOTE: Just for demo purpose I am using selfsigned ssl certificates you can configure CA signed certificates in the same way.

Step1:

• open standalone.xml
•  Now under management option create custom security-realm with any name you want I have given "SslRelam as shown below:

<security-realm name="SslRealm">
<server-identities>
<ssl>
<keystore path="F:\NCM_PROD_SETUP\wildfly-10.0.0.CR5\standalone\configuration\ssl_cert\ncm.keystore" alias="ncm" keystore-password="123456" />
</ssl>
</server-identities>
</security-realm>

Step2:

• Under profile option expand undertow subsystem there are two main parts which are server and Servlet container configuration

          Add https-listener under server for SslRealm created in step1:

<https-listener name="default-ssl" socket-binding="https" security-realm="SslRealm"/>

Save the changes and Restart WildFly Server.

Step3:

Change Default WilfFly https port 8443 to 443.

• Under <socket-binding-group> change 8443 to 443

<socket-binding name="https" port="443"/>

Save the changes and Restart WildFly Server.

Please refer below  link to generate selfsigned ssl certificates

How to generate selfsigned certificates using java keytool command

How to configure SSL for Jboss Management Console.

How to Secure Jboss EAP 6.2 Management console?

Note:  Click Here to refer my previous blog on how to configure ssl in jboss standalone mode

I am going to use the same Selfsigned keystore file to configure SSL for Jboss Management Console.

Step1: Edit: $JBOSS_HOME/standalone/standalone.xml and make the below configuration changes, save the changes.

<management>
<security-realms>
<security-realm name="ManagementRealm">

<server-identities>
<ssl>
<keystore path="ncm.keystore" relative-to="jboss.server.config.dir" password="123456"/>
</ssl>
</server-identities>
</security-realm>
</security-realms> 

<management-interfaces>
<http-interface security-realm="ManagementRealm">
<socket-binding https="management-https"/>
</http-interface>
</management-interfaces>
</management>

Step2: Restart the Jboss Server and test https://localhost:9443/console

How to configure SSL for Jboss Management Console.

How to configure SSL in jboss Standalone mode?

How to generate and install SSL in jboss standalone mode?

Note: I am using Self signed certificate for demo purpose (Please do not use the same in production)

Step1: Generate Self signed SSL certificate using Java keytool

Note: You will need to have java environment variable set Click Here to refer to my previous post on
How to install java and set environment variables in linux

Command: keytool -genkey -alias ncm -keyalg RSA -keystore ncm.keystore -validity 365

Update with SHA256 algorithm:- keytool -genkey -alias ncm -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -validity 365 -keypass "Password" -keystore ncm.jks -storepass "Password"

keytool -export -alias ncm -file server.cer -keystore ncm.jks -storepass Changeit

Note: keep the password for keystore and keyfile same  so that you will remember easily.

Step2: Place the generated key $JBOSS_HOME/standalone/configuration/

Step3: Edit $JBOSS_HOME/standalone/configuration/standalone.xml and add the HTTPS connector

<connector name="https" scheme="https" protocol="HTTP/1.1" socket-binding="https" enable-lookups="false" secure="true">
<ssl name="ncm-ssl" password="123456" protocol="TLSv1" key-alias="ncm" certificate-key-file="../standalone/configuration/ncm.keystore" />
</connector>

Step4: Start/restart the jboss server and Test the configuration by browsing url https://localhost:8443


How to configure SSL in Jboss EAP 6.2 Standalone mode

How to Install Jboss on linux Server

What is Jboss?

JBoss is a applications server and is a J2EE platform for developing and deploying enterprise Java applications, Web applications and services, and portals.

Prerequisites: jdk 1.6 or 1.7 to be installed: How to install jdk in linux

How to install Jboss Eap 6.2 on linux.

Step1: Go to https://www.jboss.org and download "jboss-eap-6.2.0.zip" for linux

Step2: Create Jboss user and password

Command: useradd -d /opt/app/jboss -s /bin/bash -m jboss
Command: password jboss

Step3: Copy "jboss-eap-6.2.0.zip" to /opt/app/jboss

Step4: Unzip jboss-eap-6.2.0.zip

Command: unzip jboss-eap-6.2.0.zip

Step5: Change the ownership

Command: chown -R jboss:jboss /opt/app/jboss/jboss-eap-6.2
Command: chown -R 775 /opt/app/jboss/jboss-eap-6.2

Step6: Set JBOSS_HOME for newly installed Jboss, Create a file jboss.sh and place it under /etc/profile.d/ with below content.

Command: cat  jboss.sh > export JBOSS_HOME=/opt/app/jboss/jboss-eap-6.2
save and exit wq!

Source the jboss.sh

Command: source /etc/profile.d/jboss.sh

Step7: Now you are done with jboss installation

Step8: Test the installation depend upon your type (Domain mode or Standalone mode),

$JBOSS_HOME/bin/./standalone.sh

$JBOSS_HOME/bin/./domain.sh