WildFly application server SSL configuration for Identity Manager 14.x


Article ID: 17058


Products

CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Risk Analytics, CA Secure Cloud SaaS - Arcot A-OK (WebFort), CLOUDMINDER ADVANCED AUTHENTICATION, CA Secure Cloud SaaS - Advanced Authentication, CA Secure Cloud SaaS - Identity Management, CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

This has been tested on WildFly 8.2.1 running with CA Identity Manager r14.0 and r14.1.

How do you configure WildFly (JBoss) so that browsers can connect to the IM application securely over https?

Environment

Wildfly 8.2.x running with CA Identity Manager r14.x.

Resolution

Step 1: Creating a keystore

Change to the WildFly configuration directory:

cd <WILDFLY_HOME>\standalone\configuration

Then generate the keystore with keytool, e.g.:

keytool -genkey -alias foo -keyalg RSA -keystore foo.keystore -validity 10950

Note:

One important point is the common name (CN) of the certificate. For some reason keytool refers to this as "first and last name". It should, however, match the fully qualified name of the application server; otherwise some browsers, such as IE, will report the certificate as invalid even though you may have accepted it already.

 

Step 2: Adding a security realm.

Edit the configuration/standalone.xml.

Add the following "SslRealm" security realm into the <management><security-realms> section:

<security-realm name="SslRealm">
    <server-identities>
        <ssl>
            <keystore path="foo.keystore" relative-to="jboss.server.config.dir" keystore-password="secret"/>
        </ssl>
    </server-identities>
</security-realm>

 

Step 3: Adding a listener for https.

Edit the configuration/standalone.xml.

In the Undertow subsystem (<subsystem xmlns="urn:jboss:domain:undertow:1.2">), add the https listener to the <server name="default-server"> section, immediately after the <http-listener name="default" socket-binding="http"/> line, as follows:

<https-listener name="default-ssl" socket-binding="https" security-realm="SslRealm"/>

 

SSL is now configured and the website is secured.
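
One way to check the edits from steps 2 and 3, as an added example that is not part of the original article: the Python script below parses a standalone.xml document and reports any https-listener whose security-realm is undefined or has no SSL keystore, and notes a keystore password stored as a literal in the file. The function names, the constructed sample document and the treatment of values starting with "${" as expressions resolved elsewhere are assumptions.

```python
import xml.etree.ElementTree as ET

def find_all(root, name):
    """Elements named `name`, ignoring the '{namespace}' prefix on tags."""
    return [el for el in root.iter() if el.tag.rsplit("}", 1)[-1] == name]

def check_https_config(xml_text):
    """Return a list of problems with the https listener / security realm wiring."""
    root = ET.fromstring(xml_text)
    problems = []
    realms = {}  # realm name -> its <ssl><keystore> element, or None
    for realm in find_all(root, "security-realm"):
        ssl = find_all(realm, "ssl")
        ks = find_all(ssl[0], "keystore") if ssl else []
        realms[realm.get("name")] = ks[0] if ks else None
    listeners = find_all(root, "https-listener")
    if not listeners:
        problems.append("no https-listener defined")
    for lst in listeners:
        name, realm = lst.get("name"), lst.get("security-realm")
        if realm not in realms:
            problems.append(f"listener {name}: realm {realm!r} is not defined")
            continue
        ks = realms[realm]
        if ks is None:
            problems.append(f"listener {name}: realm {realm!r} has no ssl keystore")
            continue
        if not ks.get("path"):
            problems.append(f"realm {realm!r}: keystore has no path")
        # Assumption: a value starting with "${" is an expression resolved elsewhere.
        if not ks.get("keystore-password", "").startswith("${"):
            problems.append(f"realm {realm!r}: keystore-password is a literal in the file")
    return problems

# Constructed sample: only the elements from steps 2 and 3, not a full standalone.xml.
SAMPLE = """<server>
  <management><security-realms>
    <security-realm name="SslRealm"><server-identities><ssl>
      <keystore path="foo.keystore" relative-to="jboss.server.config.dir" keystore-password="secret"/>
    </ssl></server-identities></security-realm></security-realms></management>
  <profile><subsystem xmlns="urn:jboss:domain:undertow:1.2"><server name="default-server">
    <http-listener name="default" socket-binding="http"/>
    <https-listener name="default-ssl" socket-binding="https" security-realm="SslRealm"/>
  </server></subsystem></profile>
</server>"""

if __name__ == "__main__":
    print("\n".join(check_https_config(SAMPLE)))
```

Because the realm name in the listener is matched case-sensitively against the defined realms, a mistyped name such as "SSLRealm" is reported as undefined.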