WILDFLY 25 SSL CONFIGURATION


emran sayed

Dec 15, 2021, 11:50:43 AM
to WildFly
Hi all,

Can you please provide a WildFly 25 SSL configuration document? If anyone can provide detailed information, it will help us.

Regards
Emran Sayed

Farah Juma

Dec 15, 2021, 2:03:56 PM
to WildFly
Documentation on how to configure SSL with WildFly can be found here:

emran sayed

Dec 18, 2021, 3:00:22 AM
to Farah Juma, WildFly
Hi Farah

Thanks for sharing, but I cannot understand it. Can you please send the standalone mode SSL configuration for WildFly?

Regards
Emran Sayed


Farah Juma

Dec 20, 2021, 10:41:21 AM
to WildFly
The steps in section 4.3.1 in the linked WildFly documentation are for standalone mode.

Sounds Essential

Dec 21, 2021, 4:10:16 PM
to WildFly
Did you figure this out yet? If not, I have some steps you could follow. I still need to figure out the differences between the original XML and the SSL-configured XML.

Fernando Pulupa Pasquel

Jan 26, 2022, 3:15:41 PM
to WildFly
I don't understand the documentation either.

In the old documentation you add the SSL certificate like so:

            <!-- legacy (pre-Elytron) security realm holding the server keystore -->
            <security-realm name="SslRealm">
                <server-identities>
                    <ssl>
                        <keystore path="midomain.com.jks" relative-to="jboss.server.config.dir" keystore-password="password"/>
                    </ssl>
                </server-identities>
            </security-realm>

And change the listener to:

                <https-listener name="https" socket-binding="https" security-realm="SslRealm" enable-http2="true"/>

What is the difference in version 25? I use GoDaddy and Comodo certificates.

Fernando Pulupa Pasquel

Jan 28, 2022, 3:53:33 PM
to WildFly
I'll answer myself.

Find the <tls> tag, and inside it the <key-stores> tag with <key-store name="applicationKS">.

Replace it with your own data:

                <key-stores>
                    <!-- keystore file that holds the server certificate and private key -->
                    <key-store name="applicationKS">
                        <!-- keystore password -->
                        <credential-reference clear-text="mypass"/>
                        <implementation type="JKS"/>
                        <file path="mydomain.com.jks" relative-to="jboss.server.config.dir"/>
                    </key-store>
                </key-stores>
                <key-managers>
                    <!-- key manager backed by the keystore above -->
                    <key-manager name="applicationKM" key-store="applicationKS" generate-self-signed-certificate-host="localhost">
                        <!-- key (private key entry) password -->
                        <credential-reference clear-text="mypass"/>
                    </key-manager>
                </key-managers>

Nothing more is needed. This works!
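In the default WildFly 25 standalone.xml the key-manager above is already wired to a server-ssl-context (applicationSSC) that the https-listener references through its ssl-context attribute, so the chain a practitioner wants to verify is https-listener -> server-ssl-context -> key-manager -> key-store -> keystore file. The script below is an added example, not code from this thread or from the WildFly project: it parses a standalone.xml, checks that chain, and flags two things worth fixing before going to production: passwords kept as clear-text in standalone.xml (WildFly supports credential stores instead), and the generate-self-signed-certificate-host attribute, which makes WildFly generate a self-signed certificate for that host whenever the keystore file is missing. The embedded XML fragment is constructed for the example; the element and attribute names are WildFly's, but the subsystem namespace versions are illustrative.

```python
"""Lint the Elytron one-way TLS wiring in a WildFly standalone.xml.

Added example; the XML below is a constructed fragment for offline use.
"""
import xml.etree.ElementTree as ET

# Constructed sample modelled on the thread's <tls> snippet plus the elements
# the default standalone.xml already contains. Namespace versions are illustrative.
SAMPLE_XML = """<server>
  <profile>
    <subsystem xmlns="urn:wildfly:elytron:15.0">
      <tls>
        <key-stores>
          <key-store name="applicationKS">
            <credential-reference clear-text="mypass"/>
            <implementation type="JKS"/>
            <file path="mydomain.com.jks" relative-to="jboss.server.config.dir"/>
          </key-store>
        </key-stores>
        <key-managers>
          <key-manager name="applicationKM" key-store="applicationKS"
                       generate-self-signed-certificate-host="localhost">
            <credential-reference clear-text="mypass"/>
          </key-manager>
        </key-managers>
        <server-ssl-contexts>
          <server-ssl-context name="applicationSSC" key-manager="applicationKM"/>
        </server-ssl-contexts>
      </tls>
    </subsystem>
    <subsystem xmlns="urn:jboss:domain:undertow:12.0">
      <server name="default-server">
        <https-listener name="https" socket-binding="https"
                        ssl-context="applicationSSC" enable-http2="true"/>
      </server>
    </subsystem>
  </profile>
  <socket-binding-group name="standard-sockets" default-interface="public">
    <socket-binding name="https" port="${jboss.https.port:8443}"/>
  </socket-binding-group>
</server>
"""


def _local(tag):
    """Strip the XML namespace so we can match on WildFly's element names."""
    return tag.rsplit("}", 1)[-1]


def _named(root, element):
    """Map name attribute -> element for every element with that local name."""
    return {e.get("name"): e for e in root.iter() if _local(e.tag) == element}


def lint_tls(xml_text):
    """Return a list of findings. An empty list means every https-listener
    resolves to a key-store and no clear-text secret or self-signed fallback remains."""
    root = ET.fromstring(xml_text)
    key_stores = _named(root, "key-store")
    key_managers = _named(root, "key-manager")
    ssl_contexts = _named(root, "server-ssl-context")
    bindings = _named(root, "socket-binding")
    findings = []

    # 1. Walk https-listener -> server-ssl-context -> key-manager -> key-store.
    for listener in (e for e in root.iter() if _local(e.tag) == "https-listener"):
        name = listener.get("name")
        if listener.get("socket-binding") not in bindings:
            findings.append(f"https-listener {name}: socket-binding {listener.get('socket-binding')!r} is not defined")
        if listener.get("security-realm"):
            findings.append(f"https-listener {name}: uses legacy security-realm; Elytron listeners reference ssl-context")
        ctx = ssl_contexts.get(listener.get("ssl-context"))
        if ctx is None:
            findings.append(f"https-listener {name}: ssl-context {listener.get('ssl-context')!r} not found under <server-ssl-contexts>")
            continue
        km = key_managers.get(ctx.get("key-manager"))
        if km is None:
            findings.append(f"server-ssl-context {ctx.get('name')}: key-manager {ctx.get('key-manager')!r} not found")
            continue
        if km.get("key-store") not in key_stores:
            findings.append(f"key-manager {km.get('name')}: key-store {km.get('key-store')!r} not found")

    # 2. Secrets: clear-text passwords sit in standalone.xml; a credential store avoids that.
    for elem in list(key_stores.values()) + list(key_managers.values()):
        for child in elem:
            if _local(child.tag) == "credential-reference" and child.get("clear-text"):
                findings.append(f"{_local(elem.tag)} {elem.get('name')}: password is clear-text in standalone.xml; reference a credential-store (store/alias) instead")

    # 3. Self-signed fallback: with this attribute set, a missing keystore file makes
    #    WildFly generate a self-signed certificate for that host instead of failing.
    for km in key_managers.values():
        host = km.get("generate-self-signed-certificate-host")
        if host:
            findings.append(f"key-manager {km.get('name')}: generate-self-signed-certificate-host={host!r}; remove it once the CA-issued keystore is in place, or a missing file silently yields a self-signed cert")
    return findings


if __name__ == "__main__":
    for finding in lint_tls(SAMPLE_XML):
        print("-", finding)
```

Point it at a real file with lint_tls(open("standalone.xml").read()); a listener that still carries security-realm, or an ssl-context name with no matching server-ssl-context, is reported before the secret and self-signed checks run.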

Muhammad Zeeshan

Jan 31, 2022, 10:23:31 AM
to WildFly
Hi,

I have the same configuration in my environment, but it doesn't work for me. I may be missing something, but I would appreciate any help.

I've also posted a question on StackOverflow, as below:

Best


Farah Juma

Jan 31, 2022, 2:31:04 PM
to WildFly
Are there any error messages in the server log? It's not clear that the error you're seeing is related to the SSL configuration. Many things could cause "This site can't be reached".

Muhammad Zeeshan

Feb 2, 2022, 3:24:25 AM
to WildFly
Hi,

Thank you so much for the response. I literally don't see any errors in the logs, but I observed the following:

When I enter:
https://localhost/<api-url> it gives me a warning but does serve the page, and I can also see my SSL certificate.
https://<homepage.abc.com>/<api> it does not serve the page and shows "This site can't be reached".

...so it seems localhost has to be changed to the domain name, but I'm not sure where to change it.

I also changed the HTTPS port from 8443 to 443 in the standalone.xml file as below, but it didn't work.

<socket-binding name="https" port="${jboss.https.port:443}"/>

Niko W

Feb 9, 2022, 11:30:22 AM
to WildFly
I can really recommend starting WildFly without any changes regarding HTTPS/SSL and then implementing this via the steps in the documentation:
https://docs.jboss.org/author/display/WFLY/Using%20the%20Elytron%20Subsystem.html

After that you can diff standalone.xml before and after, and implement the changes that were made in your automation (e.g. for other stages).

kind regards,
Niko

Muhammad Zeeshan

Feb 11, 2022, 5:56:02 AM
to WildFly
Hi Niko,

Thank you for your response.

I followed the instructions mentioned there, but it's still not working. This time I did it from scratch, so there is no manual configuration in the standalone.xml file.

I can see the changes have been applied, but the URL is still unable to serve the request over HTTPS. For example:
https://abc.com/api doesn't work.

Niko W

Feb 11, 2022, 6:38:50 AM
to WildFly
Have you checked whether your application runs/serves via HTTP first? Maybe there is some other problem left.

If it already works with http://abc.com/api, then there seems to be really only a problem with the https configuration.

Have you implemented only that part, or something more?

Muhammad Zeeshan

Feb 11, 2022, 7:12:55 AM
to WildFly
Hi Niko,

Your prompt response is much appreciated. Our application is running on localhost, like http://localhost:8080/api, and not with the domain name, such as http://abc.com/api.
I've only implemented this [1] part, because currently we are using WildFly 8.1.0.Final, which we are trying to migrate to 26.0.1.Final, and in 8.1.0 we are also using one-way SSL/TLS, which is working fine there.

[1] Enable One-way SSL/TLS for Applications

Niko W

Feb 11, 2022, 9:47:09 AM
to WildFly
Hi,

Can you share your command to start JBoss?
It seems to me that you bind JBoss only to localhost when starting.

Regarding https config, does https://localhost:443/api also work?

I use this command (with nohup, in a shell script) to start my instance. This binds JBoss to all interfaces (0.0.0.0):
./standalone.sh -b 0.0.0.0 -Djboss.bind.address.management=0.0.0.0 -Dorg.apache.xml.dtm.DTMManager="org.apache.xml.dtm.ref.DTMManagerDefault"

There should be an entry in your JBoss server.log like:
10:49:19,606 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0006: Undertow HTTPS listener https listening on 0.0.0.0:80
10:49:19,606 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0006: Undertow HTTPS listener https listening on 0.0.0.0:443

Another option is to check with netstat for the open socket once started; it should be something like:
netstat -anp | grep 80
...
tcp        0      0 0.0.0.0:80           0.0.0.0:*               LISTEN      3348/java

netstat -anp | grep 443
...
tcp        0      0 0.0.0.0:443           0.0.0.0:*               LISTEN      3348/java

Hope this helps a bit.

kind regards,
Niko
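The two checks in the post above (the WFLYUT0006 lines in server.log and the LISTEN rows from netstat -anp) can be automated so a wrong bind address is caught before anyone tries the domain name in a browser. The script below is an added example, not code from this thread or from WildFly: it parses both outputs, cross-checks that every listener WildFly reports actually has a LISTEN socket owned by the java process, and flags listeners bound only to a loopback address, which is exactly the case where https://localhost works but https://abc.com does not. The log and netstat lines embedded in it are constructed to mimic a server started without -b 0.0.0.0; the WFLYUT0006 message format is the one WildFly prints.

```python
"""Check whether WildFly's HTTP/HTTPS listeners are reachable from other hosts.

Added example. SERVER_LOG and NETSTAT below are constructed samples, not
output captured from a real server.
"""
import ipaddress
import re

# Constructed server.log excerpt: a server started without -b, so Undertow
# binds to the default loopback interface.
SERVER_LOG = """\
10:49:19,606 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0006: Undertow HTTP listener default listening on 127.0.0.1:8080
10:49:19,606 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0006: Undertow HTTPS listener https listening on 127.0.0.1:8443
"""

# Constructed `netstat -anp` excerpt for the same server (plus an unrelated sshd socket).
NETSTAT = """\
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      3348/java
tcp        0      0 127.0.0.1:8443          0.0.0.0:*               LISTEN      3348/java
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
"""

LOG_RE = re.compile(
    r"WFLYUT0006: Undertow (?P<proto>HTTPS?) listener (?P<name>\S+) "
    r"listening on (?P<addr>\S+):(?P<port>\d+)"
)
NETSTAT_RE = re.compile(
    r"^tcp6?\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+LISTEN\s+(?P<pid>\d+)/(?P<prog>\S+)"
)


def is_loopback(addr):
    """True for 127.0.0.0/8, ::1 and the literal 'localhost'."""
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr.strip("[]")).is_loopback
    except ValueError:
        return False  # hostnames other than localhost: assume externally resolvable


def listeners_from_log(text):
    """(listener name, protocol, address, port) for each WFLYUT0006 line."""
    return [
        (m["name"], m["proto"], m["addr"], int(m["port"]))
        for m in map(LOG_RE.search, text.splitlines())
        if m
    ]


def sockets_from_netstat(text, prog="java"):
    """(address, port) of LISTEN sockets owned by the given program (the WildFly JVM)."""
    sockets = []
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if m and m["prog"] == prog:
            sockets.append((m["addr"], int(m["port"])))
    return sockets


def diagnose(log_text, netstat_text):
    """Return findings; an empty list means every listener is bound to a
    non-loopback address and is visible as a LISTEN socket of the java process."""
    findings = []
    sockets = set(sockets_from_netstat(netstat_text))
    for name, proto, addr, port in listeners_from_log(log_text):
        if is_loopback(addr):
            findings.append(
                f"{proto} listener {name} bound to {addr}:{port}: only reachable as localhost; "
                f"start with -b 0.0.0.0 or set the public interface's inet-address"
            )
        if (addr, port) not in sockets:
            findings.append(f"{proto} listener {name}: no LISTEN socket on {addr}:{port} in netstat output")
    return findings


if __name__ == "__main__":
    for finding in diagnose(SERVER_LOG, NETSTAT):
        print("-", finding)
```

On a live host, feed it the real files, e.g. diagnose(open("standalone/log/server.log").read(), subprocess.run(["netstat", "-anp"], capture_output=True, text=True).stdout); once the server is started with -b 0.0.0.0 the loopback findings disappear and only a genuinely missing socket would still be reported.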

Muhammad Zeeshan

Feb 14, 2022, 6:04:23 AM
to WildFly
Hi Niko,

Hope you had good weekend.

I was executing the standalone.bat file directly without passing any parameters, which I'm sure was causing it not to serve the request over HTTPS.

Today I tried with your command, as below:
PS C:\wildfly-26.0.1.Final\bin> .\standalone.bat -b 0.0.0.0 "-Djboss.bind.address.management=0.0.0.0" "-Dorg.apache.xml.dtm.DTMManager='org.apache.xml.dtm.ref.DTMManagerDefault'"

...this time, it was successful in serving the request over HTTPS. If that's the case, then how could we make it a service?