How to enable https on wildfly and tls 1.2

In this post we will describe step by step how to enable the https protocol on wildfly and enable the desired security protocols.
To activate SSL communication in Wildfly, perform the following steps:

Create a digital certificate using the following steps:
Execute the following command:

keytool -genkey -alias rcm -keyalg RSA -keystore server1.keystore

The server1.keystore file generates. Copy the file and place it in /standalone\configuration folder.
Execute the following command:

Windows :

"%JAVA_HOME%e\bin\keytool" -v -export -alias rcm -keystore "<Wildfly_home>\standalone\configuration\server1.keystore" -storepass [email protected] -file example.cer

Linux :

keytool -v -export -alias rcm -keystore %Wildfly_home/standalone/configuration/server1.keystore -storepass [email protected] -file example.cer

The example.cer file generates.
Execute the following command to copy example.cer file:

Windows :

"%JAVA_HOME%\bin\keytool" -v -import-keystore "%JAVA_HOME%\jre\lib\security\cacerts" -storepass changeit -alias myalias1 -file example.cer

Linux :

keytool -v -import-keystore $JAVA_HOME%/jre/lib/security/cacerts -storepass changeit -alias myalias1 -file example.cer

Open the standalone.xml or your custom standalone.xml file from “<Wildfly_home>\standalone\configuration” folder.
Provide the following keystore information in the ApplicationRealm or your custom security realm block:

 <security-realm name="ApplicationRealm">
    <server-identities>
        <ssl>
            <keystore path="MY_KEYSTORE_FILENAME" relative-to="jboss.server.config.dir" keystore-password="[email protected]" alias="MY_ALIAS" key-password="[email protected]"/>
        </ssl>
    </server-identities>

Search for block and place the following property below this block.
To enable only TLSv1.2:

 <https-listener name="httpsserver" socket-binding="https" allow-equals-in-cookie-value="true" security-realm="ApplicationRealm" enabled-protocols="TLSv1.2"/>

To enable all protocols:

 <https-listener name="httpsserver" socket-binding="https" allow-equals-in-cookie-value="true" security-realm="ApplicationRealm />

If your clients will use very old browsers, I suggest you also enable the tls 1.0 and 1.1 protocols because they may not work with the tls 1.2 protocol.

To enable specific protocols:

 <https-listener name="httpsserver" socket-binding="https" allow-equals-in-cookie-value="true" security-realm="ApplicationRealm enabled-protocols="TLSv1,TLSv1.1,TLS1.2” />

Now Start the server.
The SSL/TLS is activated for Wildfly.

Enjoy 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *