WildFly Keystore Generation & HTTPS Setup Guide

Overview
This guide covers generating a keystore and configuring HTTPS in WildFly, including port 8443 for applications and port 9993 for the admin console.

Step 1 - Generate the Keystore
Run on: WildFly Application Server

Use the keytool command to generate the keystore:
Code:
keytool -genkeypair \
  -alias wildfly \
  -keyalg RSA \
  -keystore wildfly.keystore \
  -storetype JKS \
  -storepass YOUR_STORE_PASSWORD \
  -keypass YOUR_KEY_PASSWORD \
  -validity 365 \
  -dname "CN=yourdomain.com, OU=YourOrgUnit, O=YourOrg, L=YourCity, ST=YourState, C=YourCountry"

Parameter explanation:
  • -alias: Alias name for the key pair, e.g. wildfly
  • -keyalg: Key algorithm, e.g. RSA
  • -keystore: Keystore filename, e.g. wildfly.keystore
  • -storepass: Password for the keystore. Must match the credential-reference in the TLS config in standalone.xml
  • -keypass: Password for the private key. Must match the keystore password, since WildFly's key-manager uses one credential for both
  • -validity: Number of days the certificate remains valid, e.g. 365
  • -dname: Distinguished Name for the certificate. Replace with your actual domain and organisation details

Step 2 - Place Keystore in WildFly Directory
Run on: WildFly Application Server

Move the keystore to the WildFly configuration directory:
Code:
mv wildfly.keystore /opt/wildfly/standalone/configuration/

Set the correct ownership and permissions so only the WildFly service account can read the private key:
Code:
chown wildfly:wildfly /opt/wildfly/standalone/configuration/wildfly.keystore
chmod 600 /opt/wildfly/standalone/configuration/wildfly.keystore

Step 3 - Verify the Keystore
Run on: WildFly Application Server

Inspect the generated keystore to confirm it is valid and contains the wildfly entry:
Code:
keytool -list -v \
  -keystore /opt/wildfly/standalone/configuration/wildfly.keystore \
  -storepass YOUR_STORE_PASSWORD

Step 4 - Configure TLS in standalone.xml
Run on: WildFly Application Server

Edit the standalone.xml file:
Code:
sudo nano /opt/wildfly/standalone/configuration/standalone.xml

Add the following TLS configuration (the <tls> element belongs inside the Elytron subsystem of standalone.xml):
Code:
<tls>
    <key-stores>
        <key-store name="SSLKeyStore">
            <credential-reference clear-text="YOUR_STORE_PASSWORD"/>
            <implementation type="JKS"/>
            <file path="wildfly.keystore" relative-to="jboss.server.config.dir"/>
        </key-store>
    </key-stores>
    <key-managers>
        <key-manager name="SSLKeyManager" key-store="SSLKeyStore">
            <credential-reference clear-text="YOUR_STORE_PASSWORD"/>
        </key-manager>
    </key-managers>
    <server-ssl-contexts>
        <server-ssl-context name="SSLContext" key-manager="SSLKeyManager"/>
    </server-ssl-contexts>
</tls>

Step 5 - Restart WildFly
Run on: WildFly Application Server

If WildFly was started manually, start it again from the command line:
Code:
/opt/wildfly/bin/standalone.sh

Or if running as a service:
Code:
sudo systemctl restart wildfly
sudo systemctl status wildfly

Step 6 - Verify HTTPS Ports
Run on: WildFly Application Server

Check that the HTTPS ports are listening:
Code:
netstat -tuln | grep -E '8443|9993'

Expected output:
Code:
tcp    0    0 0.0.0.0:8443    0.0.0.0:*    LISTEN
tcp    0    0 0.0.0.0:9993    0.0.0.0:*    LISTEN

Step 7 - Test Access

Test the following URLs in your browser:

Summary
  • Keystore generated using Java keytool command
  • Keystore placed in WildFly configuration directory with correct permissions
  • TLS configuration added to standalone.xml
  • WildFly restarted to apply changes
  • HTTPS now active on port 8443 for apps and 9993 for admin console
  • Always use strong passwords for the keystore in production
  • Consider using a CA-issued TLS certificate, e.g. from Let's Encrypt, for production instead of a self-signed one