An issue about SSL configuration in WildFly 9 with a vault expression
itoti Sep 18, 2015 11:53 PM
Hi, I have an issue like this:
I configure SSL in WildFly 9 in standalone.xml:
<security-realms>
    <security-realm name="SslRealm">
        <server-identities>
            <ssl>
                <keystore path="my.keystore" relative-to="jboss.server.config.dir" keystore-password="Acrosspm@2013"/>
            </ssl>
        </server-identities>
    </security-realm>
</security-realms>
I want to use vault.sh to encrypt this password, but the vault tool in WildFly 9 only supports a JCEKS keystore. If I use a JKS keystore, it shows an error like this:
=========================================================================
JBoss Vault
JBOSS_HOME: /opt/wildfly_9/wildfly-9.0.1.Final
JAVA: /opt/netwatcher/pm4h2/app/opt/jdk1.8.0_51/bin/java
=========================================================================
**********************************
**** JBoss Vault ***************
**********************************
Please enter a Digit:: 0: Start Interactive Session 1: Remove Interactive Session 2: Exit
0
Starting an interactive session
Enter directory to store encrypted files: /opt/wildfly_9/wildfly-9.0.1.Final/standalone/configuration/
Enter Keystore URL: /opt/wildfly_9/wildfly-9.0.1.Final/standalone/configuration/my.keystore
Enter Keystore password:
Enter Keystore password again:
Values match
Enter 8 character salt: 12345678
Enter iteration count as a number (e.g.: 44): 50
Enter Keystore Alias: pmserver
WFLYSEC0056: Initializing Vault
WFLYSEC0059: Exception encountered:WFLYSEC0045: Exception encountered:
Please enter a Digit:: 0: Start Interactive Session 1: Remove Interactive Session 2: Exit
So I tried to use a JCEKS keystore. It works! The vault tool supports it, and I get my configuration:
<vault>
    <vault-option name="KEYSTORE_URL" value="/opt/wildfly_9/wildfly-9.0.1.Final/standalone/configuration/wildfly.store"/>
    <vault-option name="KEYSTORE_PASSWORD" value="MASK-0Mvr5Mh9WycddzuV1sSsHL"/>
    <vault-option name="KEYSTORE_ALIAS" value="wildflyVault"/>
    <vault-option name="SALT" value="12345678"/>
    <vault-option name="ITERATION_COUNT" value="50"/>
    <vault-option name="ENC_FILE_DIR" value="/opt/wildfly_9/wildfly-9.0.1.Final/standalone/configuration/"/>
</vault>
But the JCEKS keystore cannot be used in WildFly 9's standalone.xml for the SSL configuration. When I start WildFly, it does not work! I think the SSL configuration in WildFly only supports a JKS keystore.
So I don't know how to configure SSL with a vault expression. Please give me some advice.
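
A check a reviewer could run over standalone.xml for the situation in this post, as an added example that is not part of the original post or of WildFly's own tooling: it reports whether each security-realm `<keystore>` password is still a literal or is a `${VAULT::block::attribute::sharedKey}` reference. The sample XML, the realm name `SslRealmVaulted`, the vault block `ssl` and the attribute `keystore_password` are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Secret-bearing attributes of <keystore> inside a security realm.
SECRET_ATTRS = ("keystore-password", "key-password")
# Shape of a vault reference: ${VAULT::block::attribute::sharedKey}
VAULT_EXPR = re.compile(r"^\$\{VAULT::[^:}]+::[^:}]+::[^}]+\}$")

# Constructed sample; "SslRealmVaulted", "ssl", "keystore_password" are hypothetical.
SAMPLE = """<server xmlns="urn:jboss:domain:3.0">
  <security-realms>
    <security-realm name="SslRealm">
      <server-identities><ssl>
        <keystore path="my.keystore" relative-to="jboss.server.config.dir"
                  keystore-password="PLACEHOLDER-literal"/>
      </ssl></server-identities>
    </security-realm>
    <security-realm name="SslRealmVaulted">
      <server-identities><ssl>
        <keystore path="my.keystore" relative-to="jboss.server.config.dir"
                  keystore-password="${VAULT::ssl::keystore_password::1}"/>
      </ssl></server-identities>
    </security-realm>
  </security-realms>
</server>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop ElementTree's "{namespace}" prefix

def classify(value):
    if VAULT_EXPR.match(value):
        return "vault"
    if value.startswith("${") and value.endswith("}"):
        return "other-expression"  # not a vault reference; review by hand
    return "plaintext"

def audit(xml_text):
    """Return (realm, attribute, status) for each keystore secret found."""
    findings = []
    for realm in ET.fromstring(xml_text).iter():
        if local(realm.tag) != "security-realm":
            continue
        for el in (e for e in realm.iter() if local(e.tag) == "keystore"):
            for attr in SECRET_ATTRS:
                if el.get(attr) is not None:
                    findings.append((realm.get("name"), attr, classify(el.get(attr))))
    return findings

print(*audit(SAMPLE), sep="\n")
```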