5 Replies Latest reply on May 21, 2016 3:46 PM by Crispin Quizo

    An issue about SSL configuration in WildFly 9 with a vault expression

    yang qingfu Newbie

      Hi, I have an issue like this:

      I configured SSL in WildFly 9 in standalone.xml:

          <security-realms>
              <security-realm name="SslRealm">
                  <server-identities>
                      <ssl>
                          <keystore path="my.keystore" relative-to="jboss.server.config.dir" keystore-password="Acrosspm@2013"/>
                      </ssl>
                  </server-identities>
              </security-realm>
          </security-realms>

      I want to use vault.sh to encrypt this password, but the vault tool in WildFly 9 only supports a JCEKS keystore. If I use a JKS keystore, it shows an error like this:

      =========================================================================

        JBoss Vault

        JBOSS_HOME: /opt/wildfly_9/wildfly-9.0.1.Final

        JAVA: /opt/netwatcher/pm4h2/app/opt/jdk1.8.0_51/bin/java

      =========================================================================
      **********************************
      ****  JBoss Vault  ***************
      **********************************
      Please enter a Digit::   0: Start Interactive Session   1: Remove Interactive Session  2: Exit
      0
      Starting an interactive session
      Enter directory to store encrypted files: /opt/wildfly_9/wildfly-9.0.1.Final/standalone/configuration/
      Enter Keystore URL: /opt/wildfly_9/wildfly-9.0.1.Final/standalone/configuration/my.keystore
      Enter Keystore password:
      Enter Keystore password again:
      Values match
      Enter 8 character salt: 12345678
      Enter iteration count as a number (e.g.: 44): 50
      Enter Keystore Alias: pmserver
      WFLYSEC0056: Initializing Vault
      WFLYSEC0059: Exception encountered:WFLYSEC0045: Exception encountered:
      Please enter a Digit::   0: Start Interactive Session   1: Remove Interactive Session  2: Exit

      So I tried a JCEKS keystore. It works! The vault tool supports it, and I got my configuration:

          <vault>
              <vault-option name="KEYSTORE_URL" value="/opt/wildfly_9/wildfly-9.0.1.Final/standalone/configuration/wildfly.store"/>
              <vault-option name="KEYSTORE_PASSWORD" value="MASK-0Mvr5Mh9WycddzuV1sSsHL"/>
              <vault-option name="KEYSTORE_ALIAS" value="wildflyVault"/>
              <vault-option name="SALT" value="12345678"/>
              <vault-option name="ITERATION_COUNT" value="50"/>
              <vault-option name="ENC_FILE_DIR" value="/opt/wildfly_9/wildfly-9.0.1.Final/standalone/configuration/"/>
          </vault>

      But the JCEKS keystore cannot be used in WildFly 9's standalone.xml for the SSL configuration. When I start WildFly, it does not work! I think the SSL configuration in WildFly only supports a JKS keystore.

      So I don't know how to set up the SSL configuration with a vault expression. Please give me some advice.
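
An added example, not part of the original post and not the WildFly project's own configuration: the vault keystore and the SSL keystore are two separate files, so the JCEKS store can back the vault while the realm keeps the JKS `my.keystore`, with only its password replaced by a vault expression. The vault block `ssl` and attribute `keystore_password` are assumed names; the remaining values are copied from the post.

```xml
<!-- Added example. Assumed names: vault block "ssl", attribute "keystore_password". -->

<!-- 1. Vault definition as generated by vault.sh in the post (top-level element,
        placed before <management>). KEYSTORE_URL points at the JCEKS store that
        holds only the vault's own key. It is NOT the SSL keystore. -->
<vault>
    <vault-option name="KEYSTORE_URL" value="/opt/wildfly_9/wildfly-9.0.1.Final/standalone/configuration/wildfly.store"/>
    <!-- MASK- values are obfuscated, not strongly encrypted: restrict read access
         to standalone.xml, wildfly.store and ENC_FILE_DIR to the server account. -->
    <vault-option name="KEYSTORE_PASSWORD" value="MASK-0Mvr5Mh9WycddzuV1sSsHL"/>
    <vault-option name="KEYSTORE_ALIAS" value="wildflyVault"/>
    <vault-option name="SALT" value="12345678"/>
    <vault-option name="ITERATION_COUNT" value="50"/>
    <vault-option name="ENC_FILE_DIR" value="/opt/wildfly_9/wildfly-9.0.1.Final/standalone/configuration/"/>
</vault>

<!-- 2. SSL realm. The keystore stays the original JKS file; only the clear-text
        password attribute is replaced by a reference into the vault. -->
<security-realms>
    <security-realm name="SslRealm">
        <server-identities>
            <ssl>
                <!-- Before: keystore-password held the password in clear text. -->
                <keystore path="my.keystore" relative-to="jboss.server.config.dir"
                          keystore-password="${VAULT::ssl::keystore_password::1}"/>
            </ssl>
        </server-identities>
    </security-realm>
</security-realms>
```

The JKS password itself is stored by running vault.sh against the JCEKS store and adding a secured attribute under that block and attribute name; the tool then prints the `VAULT::...` string to wrap in `${...}`.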