SSL in WildFly 8.2.0

Since WildFly uses Undertow, the configuration of SSL has changed. You can follow these steps to get SSL running:

  • Create a keystore with keys:
cd $WILDFLY_HOME/standalone/configuration
keytool -genkey -alias localhost -keyalg RSA -keystore keystore.jks -keysize 4096

You need to replace “localhost” with your domain name.

NOTE: Your browser will complain that the connection is not secure because the certificate is self-signed, not officially signed. Look for a tutorial on creating a key pair and a certificate signing request (CSR) that you have to send to a certification authority (CA).

  • Configure the SslRealm:
<management>
  <security-realms>
...
    <security-realm name="SslRealm">
      <server-identities>
        <ssl>
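          <!-- keystore-password must match the password you entered for keytool; "changeme" is a placeholder -->
          <keystore path="keystore.jks" relative-to="jboss.server.config.dir" keystore-password="changeme"/>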
        </ssl>
      </server-identities>
    </security-realm>
...
  </security-realms>
...
</management>
  • And add a listener:
<subsystem xmlns="urn:jboss:domain:undertow:1.2">
  <buffer-cache name="default"/>
  <server name="default-server">
    <http-listener name="default" socket-binding="http"/>
    <https-listener name="default-ssl" socket-binding="https" security-realm="SslRealm"/>
    ...
  </server>
  ...
</subsystem>

Now you should be able to access your WildFly under https://localhost:8433/ (the port is the one assigned to the “https” socket binding that the listener references).
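
An added example, not part of the original post: a small Python check that the https-listener points at a security realm that actually exists and contains an <ssl><keystore>, and that the keystore password is not still a placeholder. The sample document is constructed from the fragments above, and the function and variable names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the fragments from the steps above merged into one minimal document.
SAMPLE = """<server>
  <management>
    <security-realms>
      <security-realm name="SslRealm">
        <server-identities>
          <ssl>
            <keystore path="keystore.jks" relative-to="jboss.server.config.dir" keystore-password="changeme"/>
          </ssl>
        </server-identities>
      </security-realm>
    </security-realms>
  </management>
  <subsystem xmlns="urn:jboss:domain:undertow:1.2">
    <server name="default-server">
      <https-listener name="default-ssl" socket-binding="https" security-realm="SslRealm"/>
    </server>
  </subsystem>
</server>"""

# "changeme" is the placeholder used above; "changeit" is the usual Java keystore default.
PLACEHOLDERS = {"changeme", "changeit"}

def find_all(node, name):
    """Descendants with this local name, ignoring the XML namespace prefix."""
    return [e for e in node.iter() if e.tag.rsplit("}", 1)[-1] == name]

def check_ssl_config(xml_text):
    """Return findings about the https-listener -> security-realm -> keystore wiring."""
    root = ET.fromstring(xml_text)
    realms = {r.get("name"): r for r in find_all(root, "security-realm")}
    findings = []
    for lst in find_all(root, "https-listener"):
        name, realm_name = lst.get("name"), lst.get("security-realm")
        if realm_name not in realms:  # realm names are case-sensitive
            findings.append(f"{name}: security-realm '{realm_name}' is not defined")
            continue
        stores = [k for s in find_all(realms[realm_name], "ssl") for k in find_all(s, "keystore")]
        if not stores:
            findings.append(f"{name}: realm '{realm_name}' has no <ssl><keystore>")
        for ks in stores:
            if ks.get("keystore-password", "").lower() in PLACEHOLDERS:
                findings.append(f"{name}: keystore '{ks.get('path')}' uses a placeholder password")
    return findings

if __name__ == "__main__":
    print("\n".join(check_ssl_config(SAMPLE)) or "no findings")
```

To check a real server, pass the contents of standalone.xml to check_ssl_config instead of SAMPLE.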
