I need to test my web application with the HTTPS protocol at localhost. How could I configure the settings on WildFly to make https://localhost:8443/myapp.html work?
New:
I added this to my security-realm:
<security-realm name="UndertowRealm">
    <server-identities>
        <ssl protocol="TLS">
            <keystore path="my_keystore.jks" relative-to="jboss.server.config.dir" keystore-password="xxx"/>
        </ssl>
    </server-identities>
</security-realm>
The keystore, my_keystore.jks, was generated with the Java keygen utility, and it is in the same folder as standalone.xml.
And I added this to my default-server:
<https-listener name="https" socket-binding="https" security-realm="UndertowRealm" />
But now I got an exception like this:
Failed to start service jboss.server.controller.management.security_realm.UndertowRealm.keystore: org.jboss.msc.service.StartException in service jboss.server.controller.management.security_realm.UndertowRealm.keystore: JBAS015229: Unable to start service
at org.jboss.as.domain.management.security.FileKeystore.load(FileKeystore.java:155) [wildfly-domain-management-8.0.0.Final.jar:8.0.0.Final]
at org.jboss.as.domain.management.security.FileKeystoreService.start(FileKeystoreService.java:78) [wildfly-domain-management-8.0.0.Final.jar:8.0.0.Final]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948) [jboss-msc-1.2.0.Final.jar:1.2.0.Final]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881) [jboss-msc-1.2.0.Final.jar:1.2.0.Final]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_55]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_55]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_55]
Caused by: java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:650) [rt.jar:1.7.0_55]
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55) [rt.jar:1.7.0_55]
at java.security.KeyStore.load(KeyStore.java:1214) [rt.jar:1.7.0_55]
at org.jboss.as.domain.management.security.FileKeystore.load(FileKeystore.java:114) [wildfly-domain-management-8.0.0.Final.jar:8.0.0.Final]
... 6 more
What is going wrong here?
I think you will have to add an http-listener to the undertow subsystem configuration and configure it properly with a security realm.
I cannot check this right now but I think this is the correct way to do this. I will try to configure a server this way asap.
That's how I've set it up once for a customer:
<security-realm name="SSLRealm">
    <server-identities>
        <ssl protocol="TLS">
            <keystore path="serverkeystore" relative-to="jboss.server.config.dir" keystore-password="secureworld" alias="servercert"/>
        </ssl>
    </server-identities>
    <authentication>
        <truststore path="servertruststore" relative-to="jboss.server.config.dir" keystore-password="secureworld"/>
    </authentication>
</security-realm>
The undertow config:
<https-listener name="default-https" socket-binding="https" security-realm="SSLRealm" verify-client="REQUESTED"/>
Unfortunately, I can't tell you anything more about this keystore format issue since I'm not very familiar with this topic.
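One way to narrow down the "Invalid keystore format" error in the stack trace above, as an added example that is not part of the thread: the JKS loader (JavaKeyStore.engineLoad) only accepts a file that starts with the JKS magic number and a supported version, so inspecting the first bytes of the file shows what it actually contains. The function names and the sample byte strings in the test are constructed for illustration.

```python
import struct
import sys

JKS_MAGIC = 0xFEEDFEED    # header expected by sun.security.provider.JavaKeyStore
JCEKS_MAGIC = 0xCECECECE  # header of the JCEKS store type


def sniff_keystore(data: bytes) -> str:
    """Classify keystore bytes by their leading bytes only (no password needed)."""
    if not data:
        return "empty"
    if len(data) >= 8:
        magic, version = struct.unpack(">II", data[:8])
        if magic == JKS_MAGIC:
            # The JKS loader accepts store versions 1 and 2 only.
            return "JKS" if version in (1, 2) else "JKS-bad-version"
        if magic == JCEKS_MAGIC:
            return "JCEKS"
    if data.lstrip().startswith(b"-----BEGIN"):
        return "PEM"   # text-encoded certificate or key, not a keystore
    if data[:1] == b"\x30":
        return "DER"   # ASN.1 SEQUENCE: PKCS#12 store or a bare certificate/key
    return "unknown"


def jks_loader_accepts(data: bytes) -> bool:
    """True if a loader of type JKS would get past the header check."""
    return sniff_keystore(data) == "JKS"


if __name__ == "__main__":
    # Usage: python sniff_keystore.py <path-to-keystore-file>
    with open(sys.argv[1], "rb") as fh:
        head = fh.read(64)
    kind = sniff_keystore(head)
    print(f"{sys.argv[1]}: detected {kind}")
    if not jks_loader_accepts(head):
        print("A JKS loader will reject this file with 'Invalid keystore format'.")
```

If the file turns out to be PEM, DER or JCEKS, it has to be imported into (or regenerated as) a JKS store before the security realm shown in the question can load it.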