-
1. Re: Different SSL certificates for different web applications
g.hohl Dec 17, 2018 10:01 AM (in response to g.hohl)Okay, after playing around with my Maven build I finally got an error while deploying:
{ "WFLYCTL0412: Required services that are not installed:" => ["jboss.security.security-domain.ApplicationDomainB"], "WFLYCTL0180: Services with missing/unavailable dependencies" => [ "jboss.deployment.subunit.\"services-ear-1.0.0.ear\".\"service1-1.0.0.war\".undertow-deployment.UndertowDeploymentInfoService is missing [jboss.security.security-domain.ApplicationDomainB]", "jboss.deployment.subunit.\"services-ear-1.0.0.ear\".\"service2-1.0.0.war\".undertow-deployment.UndertowDeploymentInfoService is missing [jboss.security.security-domain.ApplicationDomainB]", "jboss.deployment.subunit.\"services-ear-1.0.0.ear\".\"service2-1.0.0.war\".component.ServiceResource.CREATE is missing [jboss.security.security-domain.ApplicationDomainB]" ] }
Seems WildFly doesn't know the security-domain ApplicationDomainB also I entered it into the configuration.
And when having a look at my standalone-full.xml file again, I saw that there are two types of security-domains defined:
- In the Elytron 4.0 subsystem I have security-domains and security-realms. There I also have configured my "ApplicationDomainB" security-domain which can't be found when deploying.
- In the Security 2.0 subsystem there are 4 security-domains pre-defined: other, jboss-web-policy, jaspitest and jboss-ejb-policy. As these are not SSL related I also didn't enter or alter anything here.
How are these two connected? Can I enter a SSL based security-domain in the Security 2.0 subsystem? Or reference an Elytron 4.0 security-domain?
-
2. Re: Different SSL certificates for different web applications
mchoma Dec 19, 2018 5:58 AM (in response to g.hohl)Please step back. "I want the web applications only be accessible through 1 port. I read that you can do that by putting the security-domain into the jboss-web.xml of your web application". This is not true. Where have you read that?
Certificate is related to hostname (not port, not app). You can do virtual hosts with Undertow and specify wildcard Certificate for https-listener. Or use load balancer in front of WildFly. But you can not configure two certificates for one https-listener.
-
3. Re: Different SSL certificates for different web applications
g.hohl Jan 11, 2019 9:40 AM (in response to mchoma)Hello Martin,
of course I can bind one certificate only to one HTTPS port. That's exactly what I did and it also works. Means depending on which port you connect to with your e.g. browser via HTTPS, you get the corresponding certificate.
But now my problem is how can I bind different web applications to different HTTPS ports. Means I want to have web application A be presented on HTTPS port 8443 (having certificate I) while I want to have web application B be presented on HTTPS port 8444 (having certificate II).
P.S.: Sorry for the late reply.
-
4. Re: Different SSL certificates for different web applications
g.hohl Feb 13, 2019 3:16 AM (in response to g.hohl)Some similar threads:
Seems I'm not the only struggling with that task.
-
5. Re: Different SSL certificates for different web applications
g.hohl Feb 13, 2019 8:56 AM (in response to g.hohl)Got the answer on StackOverflow:
https://stackoverflow.com/questions/54667022/wildfly-how-to-separate-web-applications
That and this page:
http://www.mastertheboss.com/jboss-web/jbosswebserver/jboss-as-virtual-host-configuration
helped me solving the issue and get everything running. The jboss-web.xml has to have an additional parameter:
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE jboss-web> <jboss-web xmlns="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.org/schema/jbossas http://www.jboss.org/schema/jbossas/jboss-web_7_2.xsd"> <context-root>/myapp</context-root> <service-instance>myapp-server</service-instance> <virtual-host>myapp-host</virtual-host> </jboss-web>
<service-instance> will define which web server instance should be used. In that case WildFly will look for the <virtual-server> in the configuration of that web server.
You can find a snippet of that configuration here: Re: Webservice on separate port
-
6. Re: Different SSL certificates for different web applications
leandrorezende Apr 24, 2019 5:11 PM (in response to g.hohl)Hi Gerrit Hohl.
I am also running a Wildfly instance on my server as a domain and I stucked at a point that you said that managed sucessfully.
The configuration that I need to make is to provide differents SSL certificates on different ports.
As you said that you have no problem doing this task, could you share yours configurations files? Or any configurations example of how to do it?
Thanks in advance.