Enabling SSL and HTTPS for X4 Server
SSL and HTTPS can be configured for the X4 Server that is based on WildFly.
Requirements
- You have already created a keystore
- You have a valid certificate
Customize key-stores
- Open the standalone.xml in the server directory under \wildfly\standalone\configuration.
Modify the following lines.
XML<subsystem xmlns="urn:wildfly:elytron:14.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto"> ... <tls> <key-stores> <key-store name="KeystoreName"> <credential-reference clear-text="password"/> <file path="server.keystore" relative-to="jboss.server.config.dir"/> </key-store> </key-stores> ... ... </tls> ... </subsystem>name: Name of the key-store. Used to reference the key-store in thekey-managerelement.file: Path to the key-store. In the above example, a relative path is specified. If you specify an absolute path to the key-store, therelative-toattribute is obsolete.
Customize key-managers
- Open the standalone.xml in the server directory under \wildfly\standalone\configuration.
Modify the following lines.
XML<subsystem xmlns="urn:wildfly:elytron:14.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto"> ... <tls> ... <key-managers> <key-manager name="KeymanagerName" key-store="KeystoreName"> <credential-reference clear-text="password"/> </key-manager> </key-managers> ... </tls> ... </subsystem>
name: Name of the key-manager.key-store: Name of the key-store that will be used.clear-text: Password of the key-store.
Customize server-ssl-contexts
- Open the standalone.xml in the server directory under \wildfly\standalone\configuration.
Modify the following lines.
XML<subsystem xmlns="urn:wildfly:elytron:14.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto"> ... <tls> ... <server-ssl-contexts> <server-ssl-context name="httpsSSC" key-manager="KeymanagerName" protocols="TLSv1.2"/> </server-ssl-contexts> ... </tls> ... </subsystem>
name: Name of the SSL-context.key-manager: Name of the key-manager that will be used.protocols: SSL/TLS protocol to be used. The above example uses TLSv1.2.
Customize https-listener
- Open the standalone.xml in the server directory under \wildfly\standalone\configuration.
Modify the following lines.
To disable HTTP, remove the
<http-listener>line.XML<subsystem xmlns="urn:jboss:domain:undertow:12.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}"> ... <https-listener name="https" socket-binding="https" ssl-context="httpsSSC" enable-http2="true"/> ... </subsystem>
ssl-context: Name of the SSL context that will be used.
Customize socket-binding
- Open the standalone.xml in the server directory under \wildfly\standalone\configuration.
Modify the following lines.
XML<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}"> ... <socket-binding name="https" port="${jboss.https.port:8443}"/> ... </socket-binding-group>By default, the https port is set to 8443, but you can customize the port as you wish.
For more information, see the official WildFly documentation at https://docs.wildfly.org/25/WildFly_Elytron_Security.html#configure-ssltls.