HTTPS configuration for Wildfly

1, HTTPS
HTTPS is a layer of encryption on the basis of HTTP, the commonly used encryption algorithm is RSA, asymmetric key encryption, the principle based on large number of factorization, the need for public and private keys, public key external, private key confidentiality, with public key encryption, the private key to decrypt.
I test the environment we use the JDK comes with the tool generated, the specific operation is as follows:
1. Generate a certificate for the server:
Keytool-genkey-v-alias wildfly-keyalg rsa-keystore C:\wildfly.keystore-validity 36500
Password:ondfge23
What is your first and last name?
113.240.224.231

2. Generate a certificate for the client:
Keytool-genkey-v-alias mykey-keyalg rsa-storetype pkcs12-keystore C:\mykey.p12
password:onassd234
What is your first and last name?
113.240.224.231


3. Let the server trust the client certificate:
Export client Certificates
Keytool-export-alias mykey-keystore C:\mykey.p12-storetype pkcs12-storepass onassd234-rfc-file C:\mykey.cer
Import to server-side keystore, password ondfge23
Keytool-import-v-file C:\mykey.cer-keystore C:\wildfly.keystore
View KeyStore Keys
Keytool-list-keystore C:\wildfly.keystore

4. Let the client trust the server certificate:

Keytool-keystore C:\wildfly.keystore-export-alias Wildfly-file C:\wildfly.cer

The resulting certificate is as follows:

2, Configuration Standalone.xml
First specify the generated certificate, configure the permission level is background managementrealm, can also be set to apply level Applicationrealm, for example in this article

 <security-realms>            < Security-realm name= "Managementrealm" >                <server-identities>                     <ssl protocol= "TLSv1" >                        <keystore path= "C:\wildfly.keystore" keystore-password= "Ondfge23"/ >                    </ssl>                 </server-identities>                 <authentication>                     <localDefault-user= "$local" skip-group-loading= "true"/>                     <properties path= "Mgmt-users.properties" Relative-to= "Jboss.server.config.dir"/>                 </authentication>                 <authorization map-groups-to-roles= "false" >                     <properties path= " Mgmt-groups.properties "relative-to=" Jboss.server.config.dir "/>                 </authorization>             </security-realm>             <security-realm NAMe= "Applicationrealm" >                 <authentication>                     <local default-user= "$local" allowed-users= "*" skip-group-loading= "true"/ >                     <properties path= "application-users.properties" relative-to= "Jboss.server.config.dir"/>                 </authentication>                 <authorization >                     <properties path= "application-roles.properties" relative-to= "Jboss.server.config.dir"/>                 </authorization>             </security-realm>         </security-realms>

Configure the listening port, specify that the binding is named HTTPS, and other similar:

<socket-binding-group name= "Standard-sockets" default-interface= "Public" port-offset= "${jboss.socket.binding.port-offset:0}" > <socket-binding name= " Management-http "interface=" Management "port=" ${jboss.management.http.port:9990} "/> <socket-binding name=" Ma Nagement-https "interface=" Management "port=" ${jboss.management.https.port:9993} "/> <socket-binding name=" AJ P "port=" ${jboss.ajp.port:8009} "/> <socket-binding name=" http "port=" ${jboss.http.port:8090} "/> < ; socket-binding name= "https" port= "${jboss.https.port:8443}"/> <socket-binding name= "txn-recovery-environmen T "port=" 4712 "/> <socket-binding name=" Txn-status-manager "port=" 4713 "/> <outbound-socket-bindin G Name= "Mail-smtp" > <remote-destination host= "localhost" port= "/> </outbound-socket-bindi" Ng> </socket-binding-group> 

Make the listener HTTPS configuration effective, using a binding called HTTPS, with a security level of Managementrealm:

<subsystem xmlns= "urn:jboss:domain:undertow:3.0" > <buffer-cache name= "Default"/> <ser  Ver name= "Default-server" >  

 


Effective operation can also be done in the background graphical interface

3. Verification:
Start the service

Enter https://127.0.0.1:9443 in the browser

A lock appears in the input box, which is configured to complete.
Diagram Wildfly 8.X Configuring HTTPS
 
 
 
HTTPS configuration for Wildfly