Enable HTTPS / SSL for Wildfly
Tech-Today

Enable HTTPS / SSL for Wildfly


Here are the steps I run through to enable SSL / HTTPS for Wildfly 14.

Notice that instead of generating a key / certificate pair we instead use a special type of container for java which is a keystore. A keystore is a single file that contains both the key and the certificate.

Assuming we are trying to secure the website broodcamp.com, here are the steps:
1.) Generate the key, in the Firstname and Lastname entry, enter your FQDN, which in our case broodcamp.com
>keytool -genkey -alias broodcamp.com -keyalg RSA -keystore keycloak.jks

2.) Convert the keystore to pkcs12 format.
>keytool -importkeystore -srckeystore keycloak.jks -destkeystore keycloak.jks -deststoretype pkcs12

3.) Generate a certificate request that we will submit to a  certificate broker like namecheap.com. We will be using a Comodo PositiveSSL certificate from namecheap: https://www.namecheap.com/security/ssl-certificates/comodo/positivessl.aspx.
>keytool -certreq -alias broodcamp.com -keystore keycloak.jks > keycloak.careq
*In order to validate the certificate, I use domain validation and added a CNAME. You can also use email, etc.

4.) After validation, you should received a zipped file from namecheap that contains 3 files, the certificate, the bundle and the p7b. We will use the p7b which already contain the certificate chain and import to our keystore.
>keytool -import -alias broodcamp.com -trustcacerts -file broodcamp_com.p7b -keystore keycloak.jks
keytool -list -v -keystore keycloak.jks

*Now we have a signed certificate and here's how it should look like in Windows.

Next series of steps are to modify Wildfly's standalone.xml file to enable SSL. 

5.) Modify ApplicationRealm and add the keystore.
After:   <security-realm name="ApplicationRealm"> add:
<ssl>
<keystore alias="server" generate-self-signed-certificate-host="localhost" key-password="password" keystore-password="password" path="application.keystore" relative-to="jboss.server.config.dir"></ssl>

6.) Search for:  <server name="default-server"> and add:

7.) If you're using java and you have a web.xml in your application, you need to enable the SSL transport. For example you have a resource manifest and want to secure it.
Manifest
/rest/manifest/manifest
CONFIDENTIAL

And before I forgot, if you are using Wildfly, it means you are running on port 8080 by default and 8443 for HTTPS. So make sure to redirect the request to 8443 and not 443.




- Enable Https On Wordpress In Amazon
This tutorial will help us install Wordpress on Amazon using a Wordpress image provided by Bitnami. We will also enable HTTPS by using an Amazon's elastic load balancer and a WordPress plugin. Steps Create an EC2 instance and install this Wordpress...

- Setting Up Elk And Pushing Relational Data Using Logstash Jdbc Input Plugin And Secrets Keystore
IntroductionIn this tutorial, we will go over the installation of Elasticsearch. We will also show you how to configure it to gather and visualize data from a database. Logstash is an open source tool for collecting, parsing and storing logs/data for...

- Keycloak Overlay Installation Failed
While playing with keycloak I have encountered several related problems: Keycloak 3.2.1 downloadable with samples is not working running.Installing keycloak 3.2.1 overlay on Wildfly 10.1.Final fails.Errors are:Caused by: org.jboss.modules.ModuleNotFoundException:...

- How To Signin To Keycloak Using Google
There are 3 set of steps that we must follow in order to come up with a web project that will allow us to login using google's identity provider. Set 1 - Create a google applicationCreate a google application at https://console.developers.google.com...

- How To Register Your Business Under Sole Proprietorship In The Philippines
Requirements Certificate of Business Name Registration from the Department of Trade and Industry (DTI).Barangay/Municipality/Regional clearance, depending on the scale and scope of intended operations.Business permit from the local mayor's office....



Tech-Today








.