0 Replies Latest reply on Aug 30, 2016 12:23 PM by tavleen

    Wildfly with SSL

    tavleen

      Hi

      I am trying to use SSL for WildFly. So far, the steps I took are:

      1. <security-realm name="ApplicationRealm">
             <server-identities>
                 <ssl>
                     <keystore provider="BouncyCastle" path="../bootstrap_keystore.bouncyks" relative-to="jboss.server.config.dir" keystore-password="zzz" key-password="zzz"/>
                 </ssl>
             </server-identities>
             ....other stuff ....
         </security-realm>

      2. Add the https-listener in Undertow

            <https-listener name="httpsServer" security-realm="ApplicationRealm" socket-binding="https"/>

      Started WildFly and HTTPS worked!!

      Now the tricky part

      My application, basically a SAR, is responsible for creating the keystore bootstrap_keystore.bouncyks (based on some calculations). Now if I start WildFly, the keystore is yet to be created, however my WildFly start is also in progress.

      So basically, is there any way in which I can make sure that loading of the SSL keystore can wait till the SAR work is done?

      Below there is a sample which was used in JBoss 5. Any equivalent hook which we can provide for WildFly 10?

      ________________________________________

      Initially, in JBoss 5, we were using the JaasSecurityDomain mbean depends tag on the service.

      <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
             name="jboss.security:service=PBESecurityDomain">
          <constructor>
              <arg type="java.lang.String" value="encrypt-keystore-password"/>
          </constructor>
          <attribute name="KeyStoreType">BouncyCastle</attribute>
          <attribute name="TrustStoreType">BouncyCastle</attribute>
          <attribute name="KeyStoreURL">file:///${jboss.server.home.dir}/bootstrap_keystore.bouncyks</attribute>
          <attribute name="KeyStorePass">zzz</attribute>
          <depends>smc.jboss:service=Bootstrapper</depends>
      </mbean>

      Thanks & Regards

      Tavleen