I have an existing application that is being migrated to JBoss WildFly 8.1.0 and will be deployed on CentOS. One of the requirements we have is for the applications to be FIPS 140-2 compliant. I understand that we have to go through an independent provider to get the certification, but I wanted to get an idea of how to make the applications FIPS compliant. I was looking at Mozilla NSS but am not finding much on the steps to configure JBoss WildFly to use NSS.
I used the info from this blog and the Red Hat site to set up the PKCS11-NSS provider, and then added the steps below to get it working:
Add a new socket-binding under socket-binding-group:
<socket-binding name="https-myapp" port="7443"/>
Add an https-listener under subsystem/undertow:
<https-listener name="https-myapp-listener" socket-binding="https-myapp" security-realm="MyAppRealm" enabled-protocols="TLSv1" enabled-cipher-suites="TLS_RSA_WITH_AES_128_CBC_SHA" />
Add a security realm under management/security-realms:
<security-realm name="MyAppRealm">
    <server-identities>
        <ssl>
            <keystore provider="PKCS11" keystore-password="******" alias="*****"/>
        </ssl>
    </server-identities>
</security-realm>
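The three snippets above only take effect if they agree with each other: the https-listener must name a realm whose keystore really is backed by the PKCS11 provider, and the protocol and cipher-suite attributes must stay restricted. The following script is an added example, not part of the answer or of WildFly, that parses a standalone.xml and reports every https-listener whose realm does not use a PKCS11 keystore, that enables SSLv2/SSLv3, or that enables a cipher suite outside an allow-list. The embedded standalone.xml is constructed for the example (its second listener is deliberately misconfigured), and the allow-list and forbidden-protocol set are assumptions chosen for illustration, not a statement of what a FIPS validator requires.

```python
"""Sanity-check a WildFly standalone.xml for the TLS settings described in the answer:
every https-listener must reference a security-realm whose keystore uses the PKCS11
provider, must not enable SSLv2/SSLv3, and must only enable allow-listed cipher suites.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample configuration modelled on the answer's three snippets.
# The second listener is deliberately wrong: JKS keystore, SSLv3, and an RC4 suite.
SAMPLE_STANDALONE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<server xmlns="urn:jboss:domain:2.1">
  <management>
    <security-realms>
      <security-realm name="MyAppRealm">
        <server-identities>
          <ssl>
            <keystore provider="PKCS11" keystore-password="secret" alias="myapp"/>
          </ssl>
        </server-identities>
      </security-realm>
      <security-realm name="LegacyRealm">
        <server-identities>
          <ssl>
            <keystore path="legacy.jks" keystore-password="secret" alias="legacy"/>
          </ssl>
        </server-identities>
      </security-realm>
    </security-realms>
  </management>
  <profile>
    <subsystem xmlns="urn:jboss:domain:undertow:1.2">
      <server name="default-server">
        <https-listener name="https-myapp-listener" socket-binding="https-myapp"
            security-realm="MyAppRealm" enabled-protocols="TLSv1"
            enabled-cipher-suites="TLS_RSA_WITH_AES_128_CBC_SHA"/>
        <https-listener name="https-legacy-listener" socket-binding="https-legacy"
            security-realm="LegacyRealm" enabled-protocols="SSLv3,TLSv1"
            enabled-cipher-suites="TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"/>
      </server>
    </subsystem>
  </profile>
</server>
"""

# Assumed allow-list for illustration; it contains the suite the answer itself uses.
ALLOWED_CIPHER_SUITES = {
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA256",
}
# Assumed set of protocol names that must never appear in enabled-protocols.
FORBIDDEN_PROTOCOLS = {"SSLv2", "SSLv2Hello", "SSLv3"}


def _local(tag):
    """Strip the XML namespace prefix ('{urn:...}name' -> 'name')."""
    return tag.rsplit("}", 1)[-1]


def _iter(root, name):
    """Yield every descendant (including root) whose local tag name matches."""
    for el in root.iter():
        if _local(el.tag) == name:
            yield el


def _split_list(value):
    """Split a comma/whitespace separated attribute value into a set of tokens."""
    return set(re.split(r"[,\s]+", value.strip())) - {""}


def keystore_providers(root):
    """Map each security-realm name to its keystore 'provider' attribute (None if absent)."""
    providers = {}
    for realm in _iter(root, "security-realm"):
        keystore = next(_iter(realm, "keystore"), None)
        providers[realm.get("name")] = keystore.get("provider") if keystore is not None else None
    return providers


def check_https_listeners(xml_text):
    """Return {listener-name: [findings]}; an empty list means the listener passed."""
    root = ET.fromstring(xml_text)
    providers = keystore_providers(root)
    report = {}
    for listener in _iter(root, "https-listener"):
        findings = []
        realm = listener.get("security-realm")
        if providers.get(realm) != "PKCS11":
            findings.append(f"realm {realm!r} keystore provider is {providers.get(realm)!r}, expected 'PKCS11'")
        protocols = _split_list(listener.get("enabled-protocols", ""))
        for proto in sorted(protocols & FORBIDDEN_PROTOCOLS):
            findings.append(f"forbidden protocol {proto} enabled")
        suites = _split_list(listener.get("enabled-cipher-suites", ""))
        if not suites:
            findings.append("enabled-cipher-suites not set; JVM defaults would apply")
        for suite in sorted(suites - ALLOWED_CIPHER_SUITES):
            findings.append(f"cipher suite {suite} not in allow-list")
        report[listener.get("name")] = findings
    return report


if __name__ == "__main__":
    for name, findings in check_https_listeners(SAMPLE_STANDALONE_XML).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

Run it against a real standalone.xml by reading the file into `check_https_listeners`; the namespace-agnostic lookup means the same code works across the `urn:jboss:domain` schema versions WildFly 8 ships.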