Wildfly with SSL
tavleen Aug 30, 2016 12:23 PM
Hi
I am trying to use SSL for WildFly. So far the steps I took are:
1.
    <security-realm name="ApplicationRealm">
        <server-identities>
            <ssl>
                <keystore provider="BouncyCastle" path="../bootstrap_keystore.bouncyks" relative-to="jboss.server.config.dir" keystore-password="zzz" key-password="zzz"/>
            </ssl>
        </server-identities>
        ....other stuff ....
    </security-realm>
2. Add the https-listener in Undertow
    <https-listener name="httpsServer" security-realm="ApplicationRealm" socket-binding="https"/>
Started WildFly and HTTPS worked!!
Now the tricky part.
My application, basically a SAR, is responsible for creating the keystore bootstrap_keystore.bouncyks (based on some calculations). Now if I start WildFly, the keystore is yet to be created; however, my WildFly start is also in progress.
So basically, is there any way in which I can make sure that loading of the SSL keystore waits until the SAR work is done?
Below is a sample which was used in JBoss 5. Is there any equivalent hook which we can provide for WildFly 10?
_________________________________________________________________________________________________________________________________________________________________________________________________________________________________
Initially in JBoss 5, we were using the JaasSecurityDomain mbean depends tag on the service.
    <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
           name="jboss.security:service=PBESecurityDomain">
        <constructor>
            <arg type="java.lang.String" value="encrypt-keystore-password"/>
        </constructor>
        <attribute name="KeyStoreType">BouncyCastle</attribute>
        <attribute name="TrustStoreType">BouncyCastle</attribute>
        <attribute name="KeyStoreURL">file:///${jboss.server.home.dir}/bootstrap_keystore.bouncyks</attribute>
        <attribute name="KeyStorePass">zzz</attribute>
        <depends>smc.jboss:service=Bootstrapper</depends>
    </mbean>
Thanks & Regards
Tavleen