
How to configure a COMODO SSL/TLS certificate in a WildFly server?

I need help installing a COMODO SSL/TLS certificate in a WildFly server. If possible, please give a step-by-step guide for the whole process.


To configure SSL/TLS (HTTPS) in a WildFly server (this example is WildFly 9 and uses the legacy security-realm model; later releases also provide the Elytron subsystem, so check the documentation for your version):


Step 1: Generate a keystore containing a new private key, then a certificate signing request (CSR) from it. The keystore holds your private key: keep it private, and remember its password and the key alias, because both are needed again later.

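# Step 1: create a keystore with a fresh 2048-bit RSA key pair, then a CSR.
# -alias mykey makes the entry name explicit (it is also keytool's default when
# the option is omitted); the issued server certificate must later be imported
# under this same alias so it is attached to the private key.
# keytool prompts for the keystore password, the distinguished name (enter the
# site's fully qualified host name, e.g. www.domainname.com, as the CN) and the
# key password (press Enter to reuse the keystore password). Keep the keystore
# file private: it holds the private key.
keytool -genkeypair -alias mykey -keyalg RSA -keysize 2048 -keystore certificatename.keystore
# The CSR is the only thing that is sent to the CA. The SAN extension lists every
# host name the certificate should cover (some CAs take the names from their
# order form instead, in which case it is simply ignored).
keytool -certreq -alias mykey -ext SAN=dns:www.domainname.com,dns:domainname.com -file certificatename.csr -keystore certificatename.keystore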

Step 2: Open the CSR file, paste its contents into COMODO's order form and complete their domain validation; COMODO then issues the certificate files. (How to buy and validate the certificate is outside the scope of this answer.) Only the CSR leaves your machine; never send the keystore or the private key to anyone.


Step 3: When the certificate has been issued, COMODO e-mails a zip file; extracting it gives four files (the root CA, two intermediate CAs, and your own server certificate). Note: the AddTrust External CA Root expired in May 2020, so if you are following this guide today use whichever chain files your CA currently ships and adjust the file names below accordingly:

AddTrustExternalCARoot.crt
COMODORSAAddTrustCA.crt
COMODORSADomainValidationSecureServerCA.crt
www_domainname_com.crt

Step 4: Import every certificate file into the same keystore that holds the private key, in chain order (root first, then the intermediates, then the server certificate last). The server certificate must be imported under the same alias as the private key; "mykey" is keytool's default alias when -alias was not given in step 1. If it goes under any other alias, keytool stores it as a separate trusted-certificate entry and WildFly will have no key to serve with:

# Step 4: import the CA chain, then the issued server certificate, into the
# keystore that already holds the private key. The CA certificates become
# trusted-cert entries and must be in place before the server certificate so
# that keytool can verify the reply's chain (-trustcacerts additionally
# consults the JDK's own cacerts truststore).
# NOTE(review): AddTrust External CA Root expired in May 2020; anyone following
# this today should import whatever chain files the CA currently ships.
for ca in AddTrustExternalCARoot COMODORSAAddTrustCA COMODORSADomainValidationSecureServerCA; do
  keytool -import -trustcacerts -alias "$ca" -file "$ca.crt" -keystore certificatename.keystore
done
# The server certificate goes under the SAME alias as the private key ("mykey"
# is keytool's default when -alias was omitted at key generation). Any other
# alias would store it as a standalone trusted-cert entry with no key attached.
keytool -import -trustcacerts -alias mykey -file www_domainname_com.crt -keystore certificatename.keystore

Once these imports succeed, certificatename.keystore contains the private key together with its certificate chain and is ready for WildFly. You can verify this with "keytool -list -v -keystore certificatename.keystore": the mykey entry should be of type PrivateKeyEntry and show a certificate chain rather than a single self-signed certificate.

Now install it in the WildFly server as follows:

a) Copy certificatename.keystore into {WILDFLY_HOME}/standalone/configuration and restrict its permissions to the user WildFly runs as (e.g. chmod 600), then edit standalone.xml in the same folder. The relevant additions are the "YourRealm" security realm (which points at the keystore and holds its password), the https-listener in the undertow subsystem that references that realm, and the "https" socket binding. A complete example file is shown below. Note that the keystore password is stored in clear text in this file, so protect standalone.xml accordingly (WildFly's vault can hold it encrypted instead).

<?xml version='1.0' encoding='UTF-8'?>
<server xmlns="urn:jboss:domain:3.0">
  <!-- Subsystem extensions loaded at boot (stock WildFly list). Nothing here
       needs to change for HTTPS: the undertow and security extensions that the
       listener and realm rely on are already present. -->
  <extensions>
    <extension module="org.jboss.as.clustering.infinispan"/>
    <extension module="org.jboss.as.connector"/>
    <extension module="org.jboss.as.deployment-scanner"/>
    <extension module="org.jboss.as.ee"/>
    <extension module="org.jboss.as.ejb3"/>
    <extension module="org.jboss.as.jaxrs"/>
    <extension module="org.jboss.as.jdr"/>
    <extension module="org.jboss.as.jmx"/>
    <extension module="org.jboss.as.jpa"/>
    <extension module="org.jboss.as.jsf"/>
    <extension module="org.jboss.as.logging"/>
    <extension module="org.jboss.as.mail"/>
    <extension module="org.jboss.as.naming"/>
    <extension module="org.jboss.as.pojo"/>
    <extension module="org.jboss.as.remoting"/>
    <extension module="org.jboss.as.sar"/>
    <extension module="org.jboss.as.security"/>
    <extension module="org.jboss.as.transactions"/>
    <extension module="org.jboss.as.webservices"/>
    <extension module="org.jboss.as.weld"/>
    <extension module="org.wildfly.extension.batch"/>
    <extension module="org.wildfly.extension.bean-validation"/>
    <extension module="org.wildfly.extension.io"/>
    <extension module="org.wildfly.extension.request-controller"/>
    <extension module="org.wildfly.extension.security.manager"/>
    <extension module="org.wildfly.extension.undertow"/>
  </extensions>
  <management>
    <security-realms>
      <security-realm name="ManagementRealm">
        <authentication>
          <local default-user="$local" skip-group-loading="true"/>
          <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
        </authentication>
        <authorization map-groups-to-roles="false">
          <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
        </authorization>
      </security-realm>
      <security-realm name="ApplicationRealm">
        <authentication>
          <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
          <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
        </authentication>
        <authorization>
          <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
        </authorization>
      </security-realm>
      <security-realm name="YourRealm">
        <server-identities>
          <ssl>
            <keystore path="certificatename.keystore" relative-to="jboss.server.config.dir" keystore-password="yourpasswordgivenatcreationtime"/>
          </ssl>
        </server-identities>
      </security-realm>
    </security-realms>
    <audit-log>
      <formatters>
        <json-formatter name="json-formatter"/>
      </formatters>
      <handlers>
        <file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
      </handlers>
      <logger log-boot="true" log-read-only="false" enabled="false">
        <handlers>
          <handler name="file"/>
        </handlers>
      </logger>
    </audit-log>
    <management-interfaces>
      <http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
        <socket-binding http="management-http"/>
      </http-interface>
    </management-interfaces>
    <access-control provider="simple">
      <role-mapping>
        <role name="SuperUser">
          <include>
            <user name="$local"/>
          </include>
        </role>
      </role-mapping>
    </access-control>
  </management>
  <profile>
    <!-- Logging: stock console handler plus a daily rotating server.log;
         unrelated to the TLS setup. -->
    <subsystem xmlns="urn:jboss:domain:logging:3.0">
      <console-handler name="CONSOLE">
        <level name="INFO"/>
        <formatter>
          <named-formatter name="COLOR-PATTERN"/>
        </formatter>
      </console-handler>
      <periodic-rotating-file-handler name="FILE" autoflush="true">
        <formatter>
          <named-formatter name="PATTERN"/>
        </formatter>
        <file relative-to="jboss.server.log.dir" path="server.log"/>
        <suffix value=".yyyy-MM-dd"/>
        <append value="true"/>
      </periodic-rotating-file-handler>
      <logger category="com.arjuna">
        <level name="WARN"/>
      </logger>
      <logger category="org.apache.tomcat.util.modeler">
        <level name="WARN"/>
      </logger>
      <logger category="org.jboss.as.config">
        <level name="DEBUG"/>
      </logger>
      <logger category="sun.rmi">
        <level name="WARN"/>
      </logger>
      <logger category="jacorb">
        <level name="WARN"/>
      </logger>
      <logger category="jacorb.config">
        <level name="ERROR"/>
      </logger>
      <root-logger>
        <level name="INFO"/>
        <handlers>
          <handler name="CONSOLE"/>
          <handler name="FILE"/>
        </handlers>
      </root-logger>
      <formatter name="PATTERN">
        <pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
      </formatter>
      <formatter name="COLOR-PATTERN">
        <pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
      </formatter>
    </subsystem>
    <!-- Batch subsystem with an in-memory job repository; stock settings. -->
    <subsystem xmlns="urn:jboss:domain:batch:1.0">
      <job-repository>
        <in-memory/>
      </job-repository>
      <thread-pool>
        <max-threads count="10"/>
        <keepalive-time time="30" unit="seconds"/>
      </thread-pool>
    </subsystem>
    <!-- Bean validation subsystem, no options. -->
    <subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
    <!-- Datasources: only the stock in-memory H2 ExampleDS with the sa/sa demo
         credentials. Unrelated to TLS; replace it with a real datasource before
         production and keep that password out of this file (e.g. via the vault). -->
    <subsystem xmlns="urn:jboss:domain:datasources:3.0">
      <datasources>
        <datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true">
          <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
          <driver>h2</driver>
          <security>
            <user-name>sa</user-name>
            <password>sa</password>
          </security>
        </datasource>
        <drivers>
          <driver name="h2" module="com.h2database.h2">
            <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
          </driver>
        </drivers>
      </datasources>
    </subsystem>
    <!-- Hot deployment from standalone/deployments, scanned every 5000 ms;
         stock settings. Anyone who can write to that directory can deploy code. -->
    <subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
      <deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
    </subsystem>
    <!-- Java EE defaults: concurrency utilities and the default JNDI bindings
         (the default datasource is ExampleDS); stock settings. -->
    <subsystem xmlns="urn:jboss:domain:ee:3.0">
      <spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
      <concurrent>
        <context-services>
          <context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/>
        </context-services>
        <managed-thread-factories>
          <managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
        </managed-thread-factories>
        <managed-executor-services>
          <managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" core-threads="5" max-threads="25" keepalive-time="5000"/>
        </managed-executor-services>
        <managed-scheduled-executor-services>
          <managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" core-threads="2" keepalive-time="3000"/>
        </managed-scheduled-executor-services>
      </concurrent>
      <default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
    </subsystem>
    <!-- EJB container defaults. Remote EJB calls go through
         http-remoting-connector (remoting subsystem) and beans without an
         explicit domain use the "other" security domain; methods with no
         declared permissions are denied. -->
    <subsystem xmlns="urn:jboss:domain:ejb3:3.0">
      <session-bean>
        <stateful default-access-timeout="5000" cache-ref="simple" passivation-disabled-cache-ref="simple"/>
        <singleton default-access-timeout="5000"/>
      </session-bean>
      <pools>
        <bean-instance-pools>
          <strict-max-pool name="slsb-strict-max-pool" max-pool-size="20" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
          <strict-max-pool name="mdb-strict-max-pool" max-pool-size="20" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
        </bean-instance-pools>
      </pools>
      <caches>
        <cache name="simple"/>
        <cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/>
      </caches>
      <passivation-stores>
        <passivation-store name="infinispan" cache-container="ejb" max-size="10000"/>
      </passivation-stores>
      <async thread-pool-name="default"/>
      <timer-service thread-pool-name="default" default-data-store="default-file-store">
        <data-stores>
          <file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
        </data-stores>
      </timer-service>
      <remote connector-ref="http-remoting-connector" thread-pool-name="default"/>
      <thread-pools>
        <thread-pool name="default">
          <max-threads count="10"/>
          <keepalive-time time="100" unit="milliseconds"/>
        </thread-pool>
      </thread-pools>
      <default-security-domain value="other"/>
      <default-missing-method-permissions-deny-access value="true"/>
      <log-system-exceptions value="true"/>
    </subsystem>
    <!-- Default XNIO worker and buffer pool (the remoting endpoint references
         the "default" worker); stock settings. -->
    <subsystem xmlns="urn:jboss:domain:io:1.1">
      <worker name="default"/>
      <buffer-pool name="default"/>
    </subsystem>
    <!-- Local (non-clustered) Infinispan caches for web sessions, EJB
         passivation and the Hibernate cache; stock settings. -->
    <subsystem xmlns="urn:jboss:domain:infinispan:3.0">
      <cache-container name="server" default-cache="default" module="org.wildfly.clustering.server">
        <local-cache name="default">
          <transaction mode="BATCH"/>
        </local-cache>
      </cache-container>
      <cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan">
        <local-cache name="passivation">
          <locking isolation="REPEATABLE_READ"/>
          <transaction mode="BATCH"/>
          <file-store passivation="true" purge="false"/>
        </local-cache>
        <local-cache name="persistent">
          <locking isolation="REPEATABLE_READ"/>
          <transaction mode="BATCH"/>
          <file-store passivation="false" purge="false"/>
        </local-cache>
      </cache-container>
      <cache-container name="ejb" default-cache="passivation" module="org.wildfly.clustering.ejb.infinispan" aliases="sfsb">
        <local-cache name="passivation">
          <locking isolation="REPEATABLE_READ"/>
          <transaction mode="BATCH"/>
          <file-store passivation="true" purge="false"/>
        </local-cache>
        <local-cache name="persistent">
          <locking isolation="REPEATABLE_READ"/>
          <transaction mode="BATCH"/>
          <file-store passivation="false" purge="false"/>
        </local-cache>
      </cache-container>
      <cache-container name="hibernate" default-cache="local-query" module="org.hibernate.infinispan">
        <local-cache name="local-query">
          <eviction strategy="LRU" max-entries="10000"/>
          <expiration max-idle="100000"/>
        </local-cache>
        <local-cache name="entity">
          <transaction mode="NON_XA"/>
          <eviction strategy="LRU" max-entries="10000"/>
          <expiration max-idle="100000"/>
        </local-cache>
        <local-cache name="timestamps"/>
      </cache-container>
    </subsystem>
    <!-- JAX-RS subsystem, no options. -->
    <subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
    <!-- JCA: archive validation and the default work manager thread pools;
         stock settings. -->
    <subsystem xmlns="urn:jboss:domain:jca:3.0">
      <archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
      <bean-validation enabled="true"/>
      <default-workmanager>
        <short-running-threads>
          <core-threads count="50"/>
          <queue-length count="50"/>
          <max-threads count="50"/>
          <keepalive-time time="10" unit="seconds"/>
        </short-running-threads>
        <long-running-threads>
          <core-threads count="50"/>
          <queue-length count="50"/>
          <max-threads count="50"/>
          <keepalive-time time="10" unit="seconds"/>
        </long-running-threads>
      </default-workmanager>
      <cached-connection-manager/>
    </subsystem>
    <!-- JDR subsystem, no options. -->
    <subsystem xmlns="urn:jboss:domain:jdr:1.0"/>
    <!-- JMX: exposes the management model as MBeans; remoting-connector
         additionally publishes it to remote JMX clients (by default through
         the management endpoint), one more reason to keep the management
         interface on loopback or a private network. -->
    <subsystem xmlns="urn:jboss:domain:jmx:1.3">
      <expose-resolved-model/>
      <expose-expression-model/>
      <remoting-connector/>
    </subsystem>
    <!-- JPA defaults; no default datasource is set here. -->
    <subsystem xmlns="urn:jboss:domain:jpa:1.1">
      <jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
    </subsystem>
    <!-- JSF subsystem, no options. -->
    <subsystem xmlns="urn:jboss:domain:jsf:1.0"/>
    <!-- Default mail session sending through the mail-smtp outbound socket
         binding (localhost:25 in the socket-binding-group). -->
    <subsystem xmlns="urn:jboss:domain:mail:2.0">
      <mail-session name="default" jndi-name="java:jboss/mail/Default">
        <smtp-server outbound-socket-binding-ref="mail-smtp"/>
      </mail-session>
    </subsystem>
    <!-- JNDI naming; remote-naming enables JNDI lookups from remote clients. -->
    <subsystem xmlns="urn:jboss:domain:naming:2.0">
      <remote-naming/>
    </subsystem>
    <!-- POJO subsystem, no options. -->
    <subsystem xmlns="urn:jboss:domain:pojo:1.0"/>
    <!-- Remoting on the default XNIO worker. http-remoting-connector rides on
         undertow's "default" HTTP listener (HTTP upgrade), so remote EJB
         traffic referencing it shares the plain HTTP port, and authenticates
         against ApplicationRealm. -->
    <subsystem xmlns="urn:jboss:domain:remoting:3.0">
      <endpoint worker="default"/>
      <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
    </subsystem>
    <!-- resource-adapters, request-controller and sar subsystems with no options. -->
    <subsystem xmlns="urn:jboss:domain:resource-adapters:3.0"/>
    <subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
    <subsystem xmlns="urn:jboss:domain:sar:1.0"/>
    <!-- Maximum permission set a deployment may request when the Java security
         manager is enabled: AllPermission, i.e. no restriction (stock default). -->
    <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
      <deployment-permissions>
        <maximum-set>
          <permission class="java.security.AllPermission"/>
        </maximum-set>
      </deployment-permissions>
    </subsystem>
    <!-- Legacy security subsystem: the "other" domain authenticates via the
         Remoting and RealmDirect login modules (the latter delegates to a
         security realm), plus the stock delegating web/EJB policy domains.
         Not used for the TLS handshake itself. -->
    <subsystem xmlns="urn:jboss:domain:security:1.2">
      <security-domains>
        <security-domain name="other" cache-type="default">
          <authentication>
            <login-module code="Remoting" flag="optional">
              <module-option name="password-stacking" value="useFirstPass"/>
            </login-module>
            <login-module code="RealmDirect" flag="required">
              <module-option name="password-stacking" value="useFirstPass"/>
            </login-module>
          </authentication>
        </security-domain>
        <security-domain name="jboss-web-policy" cache-type="default">
          <authorization>
            <policy-module code="Delegating" flag="required"/>
          </authorization>
        </security-domain>
        <security-domain name="jboss-ejb-policy" cache-type="default">
          <authorization>
            <policy-module code="Delegating" flag="required"/>
          </authorization>
        </security-domain>
      </security-domains>
    </subsystem>
    <!-- Transaction manager; recovery and status listeners use the
         txn-recovery-environment / txn-status-manager socket bindings. -->
    <subsystem xmlns="urn:jboss:domain:transactions:3.0">
      <core-environment>
        <process-id>
          <uuid/>
        </process-id>
      </core-environment>
      <recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
    </subsystem>
    <subsystem xmlns="urn:jboss:domain:undertow:2.0">
      <buffer-cache name="default"/>
      <server name="default-server">
        <http-listener name="default" socket-binding="http"/>
        <https-listener name="default-ssl" socket-binding="https" security-realm="YourRealm"/>
        <host name="default-host" alias="localhost" default-web-module="yourwarfile.war">
          <filter-ref name="server-header"/>
          <filter-ref name="x-powered-by-header"/>
        </host>
      </server>
      <servlet-container name="default">
        <jsp-config/>
        <websockets/>
      </servlet-container>
      <handlers>
        <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
      </handlers>
      <filters>
        <response-header name="server-header" header-name="Server" header-value="WildFly/9"/>
        <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
      </filters>
    </subsystem>
    <!-- Web services: WSDL host follows jboss.bind.address; stock endpoint and
         client configs. -->
    <subsystem xmlns="urn:jboss:domain:webservices:2.0">
      <wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>
      <endpoint-config name="Standard-Endpoint-Config"/>
      <endpoint-config name="Recording-Endpoint-Config">
        <pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">
          <handler name="RecordingHandler" class="org.jboss.ws.common.invocation.RecordingServerHandler"/>
        </pre-handler-chain>
      </endpoint-config>
      <client-config name="Standard-Client-Config"/>
    </subsystem>
    <!-- CDI (Weld) subsystem, no options. -->
    <subsystem xmlns="urn:jboss:domain:weld:2.0"/>
  </profile>
  <!-- Network interfaces. All three default to 127.0.0.1, so the HTTPS
       listener is only reachable from the machine itself until WildFly is
       started with -Djboss.bind.address=<public address> (or the -b shortcut).
       Leave the "management" interface on loopback or a private address: the
       management console is served over plain HTTP. -->
  <interfaces>
    <interface name="management">
      <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
    </interface>
    <interface name="public">
      <inet-address value="${jboss.bind.address:127.0.0.1}"/>
    </interface>
    <interface name="unsecure">
      <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>
    </interface>
  </interfaces>
  <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
    <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
    <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
   <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
    <socket-binding name="http" port="${jboss.http.port:80}"/>
      <socket-binding name="https" port="${jboss.https.port:443}"/>
    <socket-binding name="txn-recovery-environment" port="4712"/>
    <socket-binding name="txn-status-manager" port="4713"/>
    <outbound-socket-binding name="mail-smtp">
      <remote-destination host="localhost" port="25"/>
    </outbound-socket-binding>
  </socket-binding-group>
</server>