
How to add https-listener to WildFly's default-server?


I'm following the tutorial from: https://github.com/jbosstm/quickstart/tree/master/XTS/ssl

Using jboss-cli, I successfully added the security-realm:

/core-service=management/security-realm=SSLRealm:add()
/core-service=management/security-realm=SSLRealm/server-identity=ssl:add( \
   keystore-path=./standalone/configuration/server.keystore, \
   keystore-password=client, \
   alias=client)

When I try to add an https-listener:

/subsystem=undertow/server=default-server/https-listener=https:add( \
    socket-binding="https", security-realm="SSLRealm" \
)

WildFly throws an exception:

{
  "outcome" => "failed",
  "failure-description" => "JBAS014750: Operation handler failed to complete",
  "rolled-back" => true
}

Any ideas how to add the https-listener?


Solution

  • Here is what worked for me on WildFly 8.1:

    Add a realm:

    [standalone@localhost:9990 /] /core-service=management/security-realm=WebSocketRealm:add()
    {"outcome" => "success"}
    

    Configure it:

    [standalone@localhost:9990 /] /core-service=management/security-realm=WebSocketRealm/server-identity=ssl:add(keystore-path=websocket.keystore, keystore-relative-to=jboss.server.config.dir, keystore-password=websocket)
    {
        "outcome" => "success",
        "response-headers" => {
            "operation-requires-reload" => true,
            "process-state" => "reload-required"
        }
    }
    

    Add a new listener:

    [standalone@localhost:9990 /] /subsystem=undertow/server=default-server/https-listener=https:add(socket-binding=https, security-realm=WebSocketRealm)
    {
        "outcome" => "success",
        "response-headers" => {"process-state" => "reload-required"}
    }
    

    And then restart:

    [standalone@localhost:9990 /] reload
    

    This added the following fragments to standalone/configuration/standalone.xml:

    <security-realm name="WebSocketRealm">
        <server-identities>
            <ssl>
                <keystore path="websocket.keystore" relative-to="jboss.server.config.dir" keystore-password="websocket"/>
            </ssl>
        </server-identities>
    </security-realm>
    

    and

    <https-listener name="https" socket-binding="https" security-realm="WebSocketRealm"/>
    

    What version of WildFly are you using?
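
An added example, not part of the original question or answer: a Python check over `standalone.xml` that confirms each `https-listener` points at a security realm that exists and carries an SSL keystore, and flags a keystore password stored as a literal, as in the fragment above. The sample XML is constructed from the answer's fragments; the `https2` listener, `MissingRealm`, and the treatment of any `${...}` value as an externalized expression are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the answer's two fragments in a minimal skeleton,
# plus one hypothetical listener (https2) whose realm does not exist.
SAMPLE = """<server>
  <management><security-realms>
    <security-realm name="WebSocketRealm">
      <server-identities><ssl>
        <keystore path="websocket.keystore" relative-to="jboss.server.config.dir" keystore-password="websocket"/>
      </ssl></server-identities>
    </security-realm>
  </security-realms></management>
  <subsystem><server name="default-server">
    <https-listener name="https" socket-binding="https" security-realm="WebSocketRealm"/>
    <https-listener name="https2" socket-binding="https" security-realm="MissingRealm"/>
  </server></subsystem>
</server>"""


def local(tag):
    """Strip the XML namespace so the check is independent of schema version."""
    return tag.rsplit("}", 1)[-1]


def audit(xml_text):
    """Return (listener name, finding) tuples in document order."""
    root = ET.fromstring(xml_text)
    realms = {}  # realm name -> keystore element under <ssl>, or None
    for el in root.iter():
        if local(el.tag) == "security-realm":
            ssl = [s for s in el.iter() if local(s.tag) == "ssl"]
            ks = [k for s in ssl for k in s if local(k.tag) == "keystore"]
            realms[el.get("name")] = ks[0] if ks else None
    findings = []
    for el in root.iter():
        if local(el.tag) != "https-listener":
            continue
        name, realm = el.get("name"), el.get("security-realm")
        if realm not in realms:
            findings.append((name, f"security realm {realm!r} is not defined"))
        elif realms[realm] is None:
            findings.append((name, f"realm {realm!r} has no SSL server identity"))
        else:
            pw = realms[realm].get("keystore-password")
            # Assumption: a value starting with "${" is an expression, not a literal.
            if pw is not None and not pw.startswith("${"):
                findings.append((name, f"realm {realm!r} stores a literal keystore password"))
    return findings


if __name__ == "__main__":
    for listener, finding in audit(SAMPLE):
        print(f"{listener}: {finding}")
```
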