-
1. Re: How do I install a Lets Encrypt certificate on Ubuntu for Wildfly?
mchoma Oct 25, 2018 10:26 AM (in response to alkoch)In WF 14 Lets Encrypt is integrated - tracked by [0] documented by [1].
If you cant migrate to WF14 you can get LetsEncrypt certificate with any LetsEncrypt client and just copy it to WF as any other certificate.
[0] [WFCORE-3396] Provide certificate authority integration - JBoss Issue Tracker
-
2. Re: How do I install a Lets Encrypt certificate on Ubuntu for Wildfly?
alkoch Oct 26, 2018 9:47 PM (in response to mchoma)Hi Martin,
Thanks for your reply; that's very helpful. I am traveling but as soon as I return I will investigate your suggestions. t seems like an upgrade to Wildfly 14 would be the best approach but I don't have any feel for what implications that might have for our software.
-
3. Re: How do I install a Lets Encrypt certificate on Ubuntu for Wildfly?
alkoch Nov 2, 2018 8:39 PM (in response to alkoch)Hi Martin,
I finally have my Wildfly 10 server running under TLS. That is, it's now possible to access the deployed .war running under Wildfly using https://.However, I can't access the Wildfly server's console under TLS. I can access the console using http:// but if I use http://<ipaddress>:<consolehttpsport>/console/App.html#home I get the following error dump in the Wildfly console as the server is starting up:
00:18:29,938 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed to start service jboss.serverManagement.controller.management.http: org.jboss.msc.service.StartException in service jboss.serverManagement.controller.management.http: WFLYSRV0083: Failed to start the http-interface service
at org.jboss.as.server.mgmt.UndertowHttpManagementService.start(UndertowHttpManagementService.java:275)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.IllegalArgumentException: WFLYDMHTTP0012: A secure socket has been defined for the HTTP interface, however the referenced security realm is not supplying a SSLContext.
at org.jboss.as.domain.http.server.ManagementHttpServer.create(ManagementHttpServer.java:172)
at org.jboss.as.server.mgmt.UndertowHttpManagementService.start(UndertowHttpManagementService.java:235)
... 5 more
To enable TLS for the console I made the following changes to standalone.xml:
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
<socket-binding name="management-https" interface="management" port="${jboss.management.https.port:<consolehttpsport>}"/>
and also
<management-interfaces>
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
<socket-binding https="management-https/>
As I was saying, I know that TLS is effectively working for the server since I can access my app running under the server using TLS. So it appears I am missing some additional step to get the console to be have TLS access.
Can you point me to a set of instructions that explains how to do this since I have had to piece together what I know so far from several dated references.
Thank you.console/App.html#home
-
4. Re: How do I install a Lets Encrypt certificate on Ubuntu for Wildfly?
alkoch Nov 6, 2018 12:48 PM (in response to alkoch)Hi Martin,
Thanks for your prior response; I've marked it as the answer. Also, I moving my following question about console access to a new forum posting.