Profile Photo
HI   maybe you can assis with this or guide for alternative solution   I ran this command: sudo certbot certonly --manual --preferred-challenges http -d my-domain.co.il -d www.my-domain.co.il --manual-auth-hook /opt/SSLCertificates/authenticator.sh --non-interactive --manual-public-ip-logging-ok     where opt/SSLCertificates/authenticator.sh… (Show more)
in WildFly
Profile Photo
We've upgraded form 10 to 17, so we can use multiple domains and certificates, but now we're receiving a handshake error connecting to our SMTP server. We believe it's because our client trust store is not specified in standalone.xml, but the security configuration is so different, and there's no documentation for setting this up.
in WildFly
Profile Photo
Is wildfly-config.xml is mandatory for WildFly Naming Client? I have removed it and used the Programmatic Approach because of this: wildfly-config.xml contains user creds which will be available as principal in EJB. We have multiple users using same client. Also using a custom security realm. So user creds will change each time.   But the… (Show more)
in WildFly
Profile Photo
First, I am using Thorntail 2.4.0.Final (WildFly Core 7.0.0.Final) with Elytron 1.7.0.Final on Java 1.8.0_212 so please let me know if I should be or would more likely get help posting in another forum.   6/17/2019 Update: I received a recommendation to limit this post to the minimum Elytron configuration related to the two-way SSL/TLS so the… (Show more)
in WildFly
Profile Photo
The WildFly 11 release includes a new security framework WildFly Elytron, a number of blog posts are being written by a number of engineers so this article is to try and collect references to them in one location.   Although this initially contains links to blog posts written by the core engineering teams feel free to add links to any blog posts…
in WildFly
Profile Photo
For certificate-based authentication, the client presents its X.509 certificate chain to the server. The server then verifies this certificate chain using its truststore. The truststore only needs to contain certificates for root certificate authorities or intermediate certificate authorities, it doesn’t need to contain the individual client… (Show more)
in Farah Juma's blog posts
Profile Photo
Since the feature development phase for WildFly 18 has now started, we wanted to highlight the security features that we are planning to work on for this release.   Planned Features  The features in this first set are ones that were actively developed during the WildFly 17 feature development phase. Many of these are now close to being merged:  … (Show more)
in Farah Juma's blog posts
Profile Photo
A new security feature that we have been working on is enhancing the way an X.509 certificate chain gets mapped to an underlying identity. Although this feature didn’t make it into WildFly 17, the plan is to have it included in WildFly 18. This blog post will give an overview of this new feature.   X.509 certificate chain evidence  For… (Show more)
in Farah Juma's blog posts
Profile Photo
One of the new security features that we have been working on is adding support for TLS 1.3 to WildFly. Although this feature didn’t make it into WildFly 17, the plan is to have it included in WildFly 18. This blog post will give a quick introduction to this feature.   Server Side Configuration  Within the Elytron subsystem in WildFly, the… (Show more)
in Farah Juma's blog posts
Profile Photo
We are trying to use the Elytron v 1.7.0 security with WildFly 15.0.1 Final version. We can configure the JDBC realm with Oracle XE 11g and as such there are no issues if everything is in clear text. Our main purpose is to secure our EJBs so that only the principals with approved roles and identities can access them. However, we need the… (Show more)
in WildFly
Load more items