Wildfly application server ssl config for Identity manager 14.x.

Article Id: 17058

Status: Published

Updated On: 14-02-2018 07:47

Legacy Id: TEC1384917

Products:

CA Identity Manager , CA Identity Governance , CA Identity Portal , CA Risk Analytics , CA Secure Cloud SaaS - Arcot A-OK (WebFort) , CA Secure Cloud SaaS - Advanced Authentication , CA Secure Cloud SaaS - Identity Management , CA Secure Cloud SaaS - Single Sign On

Issue/Introduction:

This has been tested for Wildfly 8.2.1 running with CA Identity Manager r14.0 and r14.1.

How to configure the Wildfly JBoss to get a secure connection with IM application from https browsers?

Environment:

Wildfly 8.2.x running with CA Identity Manager r14.x.

Resolution:

Step 1: Creating a keystore

cd <WILDFLY_HOME>\standalone\configuration

E.g.:

keytool -genkey -alias foo -keyalg RSA -keystore foo.keystore -validity 10950

Note:

One important issue is the common name (CN) of the certificate.

For some reason this is referred to as "first and last name".

It should however match the full qualified name of the application server, or some browsers like IE will claim the certificate to be invalid although you may have accepted it already.

Step 2: Adding a security realm.

Edit the configuration/standalone.xml.

Add the following "SslRealm" security realm into the <management><security-realms> section:

<security-realm name="SslRealm">

<server-identities>

<ssl>

<keystore path="foo.keystore" relative-to="jboss.server.config.dir" keystore-password="secret"/>

</ssl>

</server-identities>

</security-realm>

Step 3: Adding a listener for https.

Edit the configuration/standalone.xml.

Add the listener for https (<subsystem xmlns="urn:jboss:domain:undertow:1.2">) into the <server name="default-server"> section just after the <http-listener name="default" socket-binding="http"/> line as following:

<https-listener name="default-ssl" socket-binding="https" security-realm="SslRealm"/>

Now ssl is configured and the website is secured.