GoDaddy SSL could not be configured


Xavier Rajan

Jul 14, 2025, 4:36:18 PM
to WildFly
I have purchased the SSL from godaddy.com.

The zip contains 2 .crt files and 1 .pem file.
I am using WildFly version 26.

Kindly advise me how to install the SSL and configure it.

Thanks

Jose Socola

Jul 14, 2025, 7:07:03 PM
to Xavier Rajan, WildFly
Hi Xavier,

1. Generate JKS file.

First join all the crt files into one file called all-bundle, create the p12 from it, and then create the JKS file with superpassword...


-----BEGIN RSA PRIVATE KEY----- 

(Private Key: domain_name.key contents) 

-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE----- 

(Primary SSL certificate: domain_name.crt contents) 

-----END CERTIFICATE----- 

-----BEGIN CERTIFICATE----- 

(Intermediate certificate: certChainCA.crt contents) 

-----END CERTIFICATE-----


2. Configure standalone.xml manually, with the file placed relative to the JBoss config directory: /opt/wildfly/standalone/configuration/ssl/mycertificate.jks

<tls>
    <key-stores>
        <key-store name="ssl-realm">
            <credential-reference clear-text="superpassword"/>
            <implementation type="JKS"/>
            <file path="ssl/mycertificate.jks" relative-to="jboss.server.config.dir"/>
        </key-store>
    </key-stores>
    <key-managers>
        <key-manager name="ssl-realm-manager" key-store="ssl-realm">
            <credential-reference clear-text="superpassword"/>
        </key-manager>
    </key-managers>
    <server-ssl-contexts>
        <server-ssl-context name="ssl-realm-context" cipher-suite-names="TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256" protocols="TLSv1.3" key-manager="ssl-realm-manager"/>
    </server-ssl-contexts>
</tls>
......
<server name="default-server">
    <http-listener name="default" socket-binding="http" record-request-start-time="true" no-request-timeout="60000" redirect-socket="https" enable-http2="true"/>
    <https-listener name="https" socket-binding="https" record-request-start-time="true" ssl-context="ssl-realm-context" enable-http2="true" http2-enable-push="false"/>
    <host name="default-host" alias="localhost,mydomain">
        <location name="/" handler="welcome-content"/>
        .....
    </host>
</server>
......
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
    <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
    <socket-binding name="http" port="${jboss.http.port:80}"/>
    <socket-binding name="https" port="${jboss.https.port:443}"/>
      
2. Other option: configure via jboss-cli

jboss-cli.sh --connect

/subsystem=elytron/key-store=ssl-realm-context:add(path=ssl/mycertificate.jks, relative-to=jboss.server.config.dir, credential-reference={clear-text=superpassword}, type=JKS)

/subsystem=elytron/server-ssl-context=server-ssl-context:add(key-store=ssl-realm-context, credential-reference={clear-text=superpassword})

/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context, value=ssl-realm-context)

reload

I hope I didn't miss anything.

Regards,
JS
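
Step 1 of the post above (bundle, then p12, then JKS) written out as commands, in an added example that is not part of the original post. Assumptions: the bundle and keystore paths are passed as arguments, the keystore password is read from an exported `KS_PASS` variable so it stays off the command line, and the entry alias `server` is hypothetical.

```shell
#!/bin/sh
# Added example: build the JKS that standalone.xml points at.
# Assumed names: KS_PASS (exported keystore password), alias "server".

# Print the sequence of PEM blocks in a file, e.g. "KEY CERT CERT".
pem_order() {
  awk '/^-----BEGIN .*PRIVATE KEY-----/ { printf "%sKEY", sep; sep = " " }
       /^-----BEGIN CERTIFICATE-----/   { printf "%sCERT", sep; sep = " " }
       END { print "" }' "$1"
}

# Accept only the layout shown in the post: one private key, then the
# server certificate, then at least one intermediate certificate.
check_bundle() {
  order=$(pem_order "$1")
  if printf '%s\n' "$order" | grep -Eq '^KEY( CERT){2,}$'; then
    return 0
  fi
  echo "unexpected bundle layout: ${order:-no PEM blocks}" >&2
  return 1
}

# all-bundle -> PKCS#12 -> JKS, using one password for store and key,
# matching the single credential used in the key-store and key-manager.
make_jks() {
  bundle=$1; jks=$2; entry=${3:-server}
  : "${KS_PASS:?export KS_PASS first}"
  check_bundle "$bundle" || return 1
  p12="${jks%.jks}.p12"
  openssl pkcs12 -export -in "$bundle" -name "$entry" \
    -out "$p12" -passout env:KS_PASS || return 1
  keytool -importkeystore \
    -srckeystore "$p12" -srcstoretype PKCS12 -srcstorepass:env KS_PASS \
    -destkeystore "$jks" -deststoretype JKS -deststorepass:env KS_PASS \
    || return 1
  rm -f "$p12"
  # The listing should show a single PrivateKeyEntry under the alias.
  keytool -list -keystore "$jks" -storepass:env KS_PASS
}

# Usage: script.sh all-bundle.pem mycertificate.jks [alias]
if [ "$#" -ge 2 ]; then
  make_jks "$@"
fi
```

The resulting file contains the private key, so keep it readable only by the account that runs WildFly.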



Alexander Belya (AlexSW)

Jul 14, 2025, 10:11:52 PM
to WildFly
Hi!
Jose, you made a bit of a mistake in the commands.
Judging by the configuration blocks provided, the commands should look like this:
/subsystem=elytron/key-store=ssl-realm:add(path=ssl/mycertificate.jks, relative-to=jboss.server.config.dir, credential-reference={clear-text=superpassword}, type=JKS)
/subsystem=elytron/key-manager=ssl-realm-manager:add(key-store="ssl-realm",credential-reference={clear-text="superpassword"})
/subsystem=elytron/server-ssl-context=ssl-realm-context:add(cipher-suite-names="TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256",protocols=["TLSv1.3"],key-manager="ssl-realm-manager")
/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context, value=ssl-realm-context)
reload

Tuesday, July 15, 2025 at 09:07:03 UTC+10, Jose Socola: