
Create and enable SSL in WildFly

Create an SSL certificate

The commands required to create a self-signed certificate for WildFly are shown below:

$ cd /opt/bitnami/wildfly/standalone/configuration
$ sudo keytool -genkey -alias server -keyalg RSA -validity 3650 -keysize 2048 -keystore server.keystore
$ sudo chown wildfly:wildfly ./server.keystore

Enable SSL

If your application includes lines similar to this in its web.xml file, you are forcing secure connections to WildFly:

<user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>

To achieve this, you must first enable SSL connections in WildFly. Follow the steps below:

  • Make sure that you have an SSL certificate for WildFly stored in a keystore (the keytool commands above create one). Read more about this in the WildFly documentation.

  • Edit your WildFly server configuration file at /opt/bitnami/wildfly/standalone/configuration/standalone.xml and add a new security realm as shown below:

    <security-realm name="ssl-realm">
     <server-identities>
      <ssl>
       <keystore path="server.keystore" relative-to="jboss.server.config.dir" keystore-password="keystore_password" alias="server" key-password="key_password" />
      </ssl>
     </server-identities>
    </security-realm>
    
  • In the same configuration file, replace the default HTTP listener with an HTTPS listener that uses the new security realm (the original listener is left commented out):

    <!--<http-listener name="default" socket-binding="http" />-->
    <https-listener name="default" socket-binding="https" security-realm="ssl-realm"/>
    
  • Restart the WildFly server.

    $ sudo /opt/bitnami/ctlscript.sh restart wildfly
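Before restarting, it is worth confirming that the edits above actually landed, because a missing keystore file or a still-active plain listener only shows up as a failed start or as an unexpectedly unencrypted endpoint. The script below is an added example, not part of the Bitnami page or of WildFly itself: check_wildfly_ssl reads a standalone.xml and verifies that an ssl-realm with a keystore element exists, that the keystore file it names is present next to the configuration (the page uses relative-to="jboss.server.config.dir"), that an https-listener references that realm, and that no uncommented http-listener remains. The function names, the FAIL messages and the constructed sample configuration written by write_config are this example's own; it assumes XML comments fit on one line, as the commented-out listener on the page does.

```shell
#!/bin/sh
# Added example (not from the Bitnami page or the WildFly project): a
# pre-restart sanity check for the standalone.xml edits described above.
# check_wildfly_ssl verifies that the file has a <security-realm name="ssl-realm">
# with a <keystore>, that the keystore file it names exists beside the config
# (the page uses relative-to="jboss.server.config.dir"), that an
# <https-listener> references that realm, and that no active <http-listener>
# remains. Function names and the demo layout are this example's own choices.

# Drop single-line XML comments such as the commented-out listener on the page.
# Assumption: comments fit on one line; multi-line comments are not handled.
strip_comments() {
  sed 's/<!--.*-->//g' "$1"
}

# Usage: check_wildfly_ssl /opt/bitnami/wildfly/standalone/configuration/standalone.xml
# Prints one FAIL line per failed check; returns 0 only when every check passes.
check_wildfly_ssl() {
  cfg="$1"
  cfgdir=$(dirname "$cfg")
  rc=0
  stripped=$(strip_comments "$cfg")

  if ! printf '%s\n' "$stripped" | grep -q '<security-realm name="ssl-realm">'; then
    echo "FAIL: no <security-realm name=\"ssl-realm\"> in $cfg"; rc=1
  fi

  # The keystore path is relative to the config directory on the page.
  ks=$(printf '%s\n' "$stripped" | sed -n 's/.*<keystore path="\([^"]*\)".*/\1/p' | head -n 1)
  if [ -z "$ks" ]; then
    echo "FAIL: realm has no <keystore path=...>"; rc=1
  elif [ ! -f "$cfgdir/$ks" ]; then
    echo "FAIL: keystore $cfgdir/$ks not found (run the keytool step first)"; rc=1
  fi

  if ! printf '%s\n' "$stripped" | grep -q '<https-listener[^>]*security-realm="ssl-realm"'; then
    echo "FAIL: no <https-listener> bound to ssl-realm"; rc=1
  fi

  # After comment stripping, only an uncommented plain listener can match here.
  if printf '%s\n' "$stripped" | grep -q '<http-listener'; then
    echo "FAIL: a plain <http-listener> is still active"; rc=1
  fi

  return $rc
}

# Constructed sample configs for the demo (trimmed to the parts the page
# touches). mode "ssl" mirrors the page's finished state; "plain" is the
# untouched default with only the HTTP listener.
write_config() {
  outdir="$1"; mode="$2"
  mkdir -p "$outdir"
  if [ "$mode" = "ssl" ]; then
    : > "$outdir/server.keystore"   # stands in for the real keystore file
    realm='<security-realm name="ssl-realm">
        <server-identities>
          <ssl>
            <keystore path="server.keystore" relative-to="jboss.server.config.dir" keystore-password="keystore_password" alias="server" key-password="key_password" />
          </ssl>
        </server-identities>
      </security-realm>'
    listener='<!--<http-listener name="default" socket-binding="http" />-->
      <https-listener name="default" socket-binding="https" security-realm="ssl-realm"/>'
  else
    realm=''
    listener='<http-listener name="default" socket-binding="http" />'
  fi
  cat > "$outdir/standalone.xml" <<EOF
<server>
  <management>
    <security-realms>
      $realm
    </security-realms>
  </management>
  <subsystem>
    <server name="default-server">
      $listener
    </server>
  </subsystem>
</server>
EOF
}

# With a path argument, check that file; with none, run the demo on the samples.
if [ -n "${1:-}" ]; then
  check_wildfly_ssl "$1" && echo "OK: $1"
else
  demo=$(mktemp -d)
  write_config "$demo" ssl
  check_wildfly_ssl "$demo/standalone.xml" && echo "OK: sample ssl config passes"
  write_config "$demo" plain
  check_wildfly_ssl "$demo/standalone.xml" || echo "(the FAIL lines above are expected for the plain config)"
  rm -rf "$demo"
fi
```

Run it as `sh check_wildfly_ssl.sh /opt/bitnami/wildfly/standalone/configuration/standalone.xml` on the server between the edit step and the restart step; a clean run prints only the OK line. The script only reads the configuration and never touches the keystore password values, so it is safe to keep alongside the other deployment checks.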
    
Last modification September 4, 2018