
Wildfly application server SSL configuration for Identity Manager 14.x


Article ID: 17058


Updated On:


CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Risk Analytics, CA Secure Cloud SaaS - Arcot A-OK (WebFort), CLOUDMINDER ADVANCED AUTHENTICATION, CA Secure Cloud SaaS - Advanced Authentication, CA Secure Cloud SaaS - Identity Management, CA Secure Cloud SaaS - Single Sign On


This has been tested for Wildfly 8.2.1 running with CA Identity Manager r14.0 and r14.1.

How do you configure Wildfly (JBoss) so that browsers can reach the IM application over a secure https connection?


Wildfly 8.2.x running with CA Identity Manager r14.x.


Step 1: Creating a keystore 

cd <WILDFLY_HOME>\standalone\configuration 


keytool -genkey -alias foo -keyalg RSA -keystore foo.keystore -validity 10950


One important detail is the common name (CN) of the certificate.

In the keytool prompts it is referred to as "first and last name".

It should, however, match the fully qualified name of the application server; otherwise some browsers, such as IE, will report the certificate as invalid even though you may have already accepted it.


Step 2: Adding a security realm.

Edit the configuration/standalone.xml.

Add the following "SslRealm" security realm into the <management><security-realms> section:

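<security-realm name="SslRealm">
    <server-identities>
        <ssl>
            <!-- keystore-password is the password set for foo.keystore in Step 1 -->
            <keystore path="foo.keystore" relative-to="jboss.server.config.dir" keystore-password="secret"/>
        </ssl>
    </server-identities>
</security-realm>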

Step 3: Adding a listener for https.

Edit the configuration/standalone.xml.

In the undertow subsystem (<subsystem xmlns="urn:jboss:domain:undertow:1.2">), add the https listener to the <server name="default-server"> section, just after the <http-listener name="default" socket-binding="http"/> line, as follows:

<https-listener name="default-ssl" socket-binding="https" security-realm="SslRealm"/>


SSL is now configured and the website is secured.
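
The following check for Steps 2 and 3 is an added example, not part of the original article or of any CA/Wildfly tooling. It verifies that the https-listener points at an existing security realm, that the realm's keystore is nested under server-identities/ssl, and that the keystore password is no longer the "secret" placeholder. The function names, the trimmed sample XML, the urn:jboss:domain:2.2 root namespace and the password "constructed-pass" are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

def local(tag):
    """Drop the XML namespace so the check is independent of schema version."""
    return tag.rsplit("}", 1)[-1]

def find(parent, name):
    """First direct child with the given local name, or None."""
    return next((c for c in parent if local(c.tag) == name), None)

def check_https_config(xml_text):
    """Return a list of problems in the HTTPS parts of a standalone.xml."""
    root = ET.fromstring(xml_text)
    realms = {}  # realm name -> <keystore> element, or None if not nested correctly
    for el in root.iter():
        if local(el.tag) == "security-realm":
            ident = find(el, "server-identities")
            ssl = find(ident, "ssl") if ident is not None else None
            realms[el.get("name")] = find(ssl, "keystore") if ssl is not None else None
    listeners = [el for el in root.iter() if local(el.tag) == "https-listener"]
    problems = [] if listeners else ["no https-listener defined"]
    for lst in listeners:
        realm = lst.get("security-realm")
        if realm not in realms:  # realm names are case-sensitive
            problems.append(f"listener '{lst.get('name')}' references unknown realm '{realm}'")
        elif realms[realm] is None:
            problems.append(f"realm '{realm}' has no server-identities/ssl/keystore")
        elif realms[realm].get("keystore-password") == "secret":
            problems.append(f"realm '{realm}' still uses the placeholder password")
    return problems

# Constructed, trimmed-down standalone.xml fragments (not a full Wildfly config).
TEMPLATE = """<server xmlns="urn:jboss:domain:2.2"><management><security-realms>
    <security-realm name="SslRealm">{identity}</security-realm>
  </security-realms></management>
  <profile><subsystem xmlns="urn:jboss:domain:undertow:1.2"><server name="default-server">
      <http-listener name="default" socket-binding="http"/>
      <https-listener name="default-ssl" socket-binding="https" security-realm="{realm}"/>
  </server></subsystem></profile>
</server>"""
KEYSTORE = '<keystore path="foo.keystore" relative-to="jboss.server.config.dir" keystore-password="{pw}"/>'
NESTED = "<server-identities><ssl>" + KEYSTORE + "</ssl></server-identities>"

if __name__ == "__main__":
    for ident in (NESTED, KEYSTORE):  # correctly nested realm vs. flattened realm
        doc = TEMPLATE.format(identity=ident.format(pw="constructed-pass"), realm="SslRealm")
        print(check_https_config(doc) or "OK")
```

To check a real server, pass the contents of configuration/standalone.xml to check_https_config().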