How To Configure HTTPS and Remove HTTP from Wildfly in PAMSC
Article ID: 276628

Updated On:

Products

CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

Earlier documentation described how to perform this operation on JBoss, but nothing equivalent was found for WildFly, hence this article.

Environment

PAMSC 14.1 ENTM

Cause

For vulnerability reasons, the customer requested that HTTP access to the Enterprise Management Console be removed.

Resolution

 

1. Stop WildFly

2. Change the following items in standalone-full.xml

 

  • Locate the following line and change the http value from management-http to management-https

<socket-binding http="management-http"/>
To
<socket-binding http="management-https"/>

  • Locate the following two lines and change the socket-binding values to https

<http-connector endpoint="http-acceptor" name="http-connector" socket-binding="http"/>
<http-connector endpoint="http-acceptor-throughput" name="http-connector-throughput" socket-binding="http">

To
<http-connector endpoint="http-acceptor" name="http-connector" socket-binding="https"/>
<http-connector endpoint="http-acceptor-throughput" name="http-connector-throughput" socket-binding="https">

  • Locate the following two lines and change the http-listener values to https

<http-acceptor http-listener="default" name="http-acceptor"/>
<http-acceptor http-listener="default" name="http-acceptor-throughput">

To 

<http-acceptor http-listener="https" name="http-acceptor"/>
<http-acceptor http-listener="https" name="http-acceptor-throughput">

  • Locate the following line and change the connector-ref value to https

<http-connector connector-ref="default" name="http-remoting-connector" security-realm="ApplicationRealm"/>

To

<http-connector connector-ref="https" name="http-remoting-connector" security-realm="ApplicationRealm"/>

  • Locate the following line and comment it out or remove it.

<http-listener enable-http2="true" name="default" redirect-socket="https" socket-binding="http"/>

To 

<!-- <http-listener enable-http2="true" name="default" redirect-socket="https" socket-binding="http"/> -->

  • Locate the following lines and comment them out or remove them.

<socket-binding interface="management" name="management-http" port="19990"/>
<socket-binding name="http" port="18080"/>

To 

<!-- <socket-binding interface="management" name="management-http" port="19990"/> -->
<!-- <socket-binding name="http" port="18080"/> -->

 

3. Delete the tmp directory (Path: <WILDFLY_INSTALLED_DIRECTORY>\standalone\tmp) from the WildFly Installed directory

4. Start WildFly
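
The following check is an added example, not part of the original article or the product: it parses a configuration file after step 2 and lists any active element that still references the HTTP bindings the steps above change or remove. The function name `find_http_leftovers`, the `STALE` table and both sample documents are constructed for illustration; the samples contain only the lines this article edits.

```python
import xml.etree.ElementTree as ET

# (element, attribute, value) combinations that step 2 changes or removes.
STALE = [
    ("socket-binding", "http", "management-http"),
    ("socket-binding", "name", "management-http"),
    ("socket-binding", "name", "http"),
    ("http-connector", "socket-binding", "http"),
    ("http-connector", "connector-ref", "default"),
    ("http-acceptor", "http-listener", "default"),
    ("http-listener", "socket-binding", "http"),
]

def find_http_leftovers(xml_text):
    """Return (tag, attribute, value) for each active element still tied to HTTP."""
    root = ET.fromstring(xml_text)  # comments are skipped; bad XML raises ParseError
    hits = []
    for elem in root.iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # strip the subsystem namespace
        for want_tag, attr, value in STALE:
            if tag == want_tag and elem.get(attr) == value:
                hits.append((tag, attr, value))
    return hits

# Constructed sample: a cut-down config holding only the lines the article edits.
BEFORE = """<server xmlns="urn:example:constructed">
  <socket-binding http="management-http"/>
  <http-connector endpoint="http-acceptor" name="http-connector" socket-binding="http"/>
  <http-acceptor http-listener="default" name="http-acceptor"/>
  <http-connector connector-ref="default" name="http-remoting-connector" security-realm="ApplicationRealm"/>
  <http-listener enable-http2="true" name="default" redirect-socket="https" socket-binding="http"/>
  <socket-binding interface="management" name="management-http" port="19990"/>
  <socket-binding name="http" port="18080"/>
</server>"""

# The same constructed sample after applying step 2.
AFTER = """<server xmlns="urn:example:constructed">
  <socket-binding http="management-https"/>
  <http-connector endpoint="http-acceptor" name="http-connector" socket-binding="https"/>
  <http-acceptor http-listener="https" name="http-acceptor"/>
  <http-connector connector-ref="https" name="http-remoting-connector" security-realm="ApplicationRealm"/>
  <!-- <http-listener enable-http2="true" name="default" redirect-socket="https" socket-binding="http"/> -->
  <!-- <socket-binding interface="management" name="management-http" port="19990"/> -->
  <!-- <socket-binding name="http" port="18080"/> -->
</server>"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, find_http_leftovers(text))
```

To check a real file, pass the contents of standalone-full.xml to `find_http_leftovers` before step 4; an empty list means none of the listed HTTP references remain active. A malformed comment delimiter makes the parse fail with `ParseError` instead of passing silently.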