+- DevOps Discussion Forum (https://forums.geekssolutions.io)
+-- Forum: Cloud Computing (https://forums.geekssolutions.io/forumdisplay.php?fid=10)
+--- Forum: DevOps (https://forums.geekssolutions.io/forumdisplay.php?fid=14)
+--- Thread: WildFly Keystore Generation & HTTPS Setup Guide (/showthread.php?tid=7)
WildFly Keystore Generation & HTTPS Setup Guide - santosh - 04-07-2026
WildFly Keystore Generation & HTTPS Setup Guide
Overview
This guide covers generating a keystore and configuring HTTPS in WildFly including ports 8443 for applications and 9993 for the admin console.
Step 1 - Generate the Keystore
Run on: WildFly Application Server
Use the keytool command to generate the keystore:
Code:
keytool -genkeypair \
-alias wildfly \
-keyalg RSA \
-keystore wildfly.keystore \
-storetype JKS \
-storepass YOUR_STORE_PASSWORD \
-keypass YOUR_KEY_PASSWORD \
-validity 365 \
-dname "CN=yourdomain.com, OU=YourOrgUnit, O=YourOrg, L=YourCity, ST=YourState, C=YourCountry"Parameter explanation:
- -alias: Alias name for the key e.g. wildfly
- -keyalg: Encryption algorithm e.g. RSA
- -keystore: Keystore filename e.g. wildfly.keystore
- -storepass: Password for the keystore. Must match the TLS config in standalone.xml
- -keypass: Password for the key. Must match the keystore password
- -validity: Number of days the certificate remains valid e.g. 365
- -dname: Distinguished Name for the certificate. Replace with your actual domain and org details
Step 2 - Place Keystore in WildFly Directory
Run on: WildFly Application Server
Move the keystore to WildFly configuration directory:
Code:
mv wildfly.keystore /opt/wildfly/standalone/configuration/Set correct ownership and permissions:
Code:
chown wildfly:wildfly /opt/wildfly/standalone/configuration/wildfly.keystore
chmod 600 /opt/wildfly/standalone/configuration/wildfly.keystoreStep 3 - Verify the Keystore
Run on: WildFly Application Server
Inspect the generated keystore to ensure it is valid:
Code:
keytool -list -v \
-keystore /opt/wildfly/standalone/configuration/wildfly.keystore \
-storepass YOUR_STORE_PASSWORDStep 4 - Configure TLS in standalone.xml
Run on: WildFly Application Server
Edit the standalone.xml file:
Code:
sudo nano /opt/wildfly/standalone/configuration/standalone.xmlAdd the following TLS configuration:
Code:
<tls>
<key-stores>
<key-store name="SSLKeyStore">
<credential-reference clear-text="YOUR_STORE_PASSWORD"/>
<implementation type="JKS"/>
<file path="wildfly.keystore" relative-to="jboss.server.config.dir"/>
</key-store>
</key-stores>
<key-managers>
<key-manager name="SSLKeyManager" key-store="SSLKeyStore">
<credential-reference clear-text="YOUR_STORE_PASSWORD"/>
</key-manager>
</key-managers>
<server-ssl-contexts>
<server-ssl-context name="SSLContext" key-manager="SSLKeyManager"/>
</server-ssl-contexts>
</tls>Step 5 - Restart WildFly
Run on: WildFly Application Server
Code:
/opt/wildfly/bin/standalone.shOr if running as a service:
Code:
sudo systemctl restart wildfly
sudo systemctl status wildflyStep 6 - Verify HTTPS Ports
Run on: WildFly Application Server
Check if HTTPS ports are active:
Code:
netstat -tuln | grep -E '8443|9993'Expected output:
Code:
tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9993 0.0.0.0:* LISTENStep 7 - Test Access
Test the following URLs in your browser:
- Admin Console: https://yourdomain.com:9993/console/index.html
- Application: https://yourdomain.com:8443/
Summary
- Keystore generated using Java keytool command
- Keystore placed in WildFly configuration directory with correct permissions
- TLS configuration added to standalone.xml
- WildFly restarted to apply changes
- HTTPS now active on port 8443 for apps and 9993 for admin console
- Always use strong passwords for keystore in production
- Consider using a proper SSL certificate from Let's Encrypt for production instead of self-signed