
SSL configuration is not working in Wildfly 26.0.1


We are trying to migrate Wildfly from 8.1.0.Final to 26.0.1.Final. Currently Wildfly is running in standalone mode, hence standalone.xml is in use for configuration, and there is no domain configuration so far.

Everything is working, including the management console, package deployments, etc., but requesting a URL with https gives us "This site can't be reached". It appears there is something wrong with the SSL configuration in Wildfly 26.0.1.Final, because the same SSL certificate has been used in version 8.1.0.Final.

Here is the SSL/TLS configuration we are using:

            <tls>
                <key-stores>
                    <key-store name="abc-keystore">
                        <credential-reference clear-text="clearpasswordonetwothree"/>
                        <implementation type="JKS"/>
                        <file path="abc-keystore.jks" relative-to="jboss.server.config.dir"/>
                    </key-store>
                </key-stores>
                <key-managers>
                    <key-manager name="applicationKM" key-store="abc-keystore">
                        <credential-reference clear-text="clearpasswordonetwothree"/>
                    </key-manager>
                </key-managers>
                <server-ssl-contexts>
                    <server-ssl-context name="applicationSSC" key-manager="applicationKM"/>
                </server-ssl-contexts>
            </tls>

We've removed generate-self-signed-certificate-host="localhost" from the configuration because the certificate is not self-signed in our case. As I mentioned before, the same SSL certificate has been used in version 8.1.0.

Please note that this is specifically related to version 26.0.1.Final, and I have no idea if any more configuration is required apart from the above.

Any help is highly appreciated.


Solution

  • This is how I sorted it out with the help of Wildfly support. In my case it's standalone mode.

    TLS Block:

    <tls>
        <key-stores>
            <key-store name="applicationKS">
                <credential-reference clear-text="password"/>
                <implementation type="JKS"/>
                <file path="C:\wildfly26\application.keystore.jks"/>
            </key-store>
        </key-stores>
        <key-managers>
            <key-manager name="applicationKM" key-store="applicationKS" generate-self-signed-certificate-host="localhost">
                <credential-reference clear-text="password"/>
            </key-manager>
        </key-managers>
        <server-ssl-contexts>
            <server-ssl-context name="applicationSSC" protocols="TLSv1.2" key-manager="applicationKM"/>
        </server-ssl-contexts>
    </tls>
    

    Reference SSL context in https-listener

    <https-listener name="https" socket-binding="https" ssl-context="applicationSSC" enable-http2="true"/>
    

    Socket Binding under socket-binding-group: change port from 8443 to 443

    <socket-binding name="https" port="${jboss.https.port:443}"/>
    

    Configure Interface

    <interfaces>
        <interface name="management">
            <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
        </interface>
        <interface name="public">
            <inet-address value="${jboss.bind.address:0.0.0.0}"/>
        </interface>
    </interfaces>
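
An added example (not from the original post or from the WildFly project): a small Python check that the reference chain used in the answer, https-listener → ssl-context → key-manager → key-store, resolves inside a standalone.xml, and that also flags clear-text credential references. The sample XML is constructed from the names on this page with the listener's ssl-context left out; `check_tls_chain` and `CHAIN` are hypothetical names, and only plain `key-store` definitions are considered.

```python
import xml.etree.ElementTree as ET

# Constructed sample built from the names on this page; the listener
# deliberately lacks ssl-context so the chain is broken at the first hop.
SAMPLE = """<server>
  <tls>
    <key-stores><key-store name="applicationKS">
      <credential-reference clear-text="password"/>
    </key-store></key-stores>
    <key-managers>
      <key-manager name="applicationKM" key-store="applicationKS"/>
    </key-managers>
    <server-ssl-contexts>
      <server-ssl-context name="applicationSSC" key-manager="applicationKM"/>
    </server-ssl-contexts>
  </tls>
  <https-listener name="https" socket-binding="https"/>
</server>"""

# (referring element, reference attribute, element that must define the name)
CHAIN = [("https-listener", "ssl-context", "server-ssl-context"),
         ("server-ssl-context", "key-manager", "key-manager"),
         ("key-manager", "key-store", "key-store")]

def local(el):
    """Tag name without the XML namespace that real standalone.xml files carry."""
    return el.tag.rsplit("}", 1)[-1]

def check_tls_chain(xml_text):
    """Return a list of findings; an empty list means every reference resolves."""
    root = ET.fromstring(xml_text)
    findings = []
    for tag, attr, target in CHAIN:
        defined = {e.get("name") for e in root.iter() if local(e) == target}
        for e in (x for x in root.iter() if local(x) == tag):
            ref = e.get(attr)
            if ref is None:
                findings.append(f"{tag} '{e.get('name')}': missing {attr}")
            elif ref not in defined:
                findings.append(f"{tag} '{e.get('name')}': {attr} '{ref}' is not defined")
    # Flag passwords kept in clear text in the configuration file.
    for e in root.iter():
        if local(e) == "credential-reference" and e.get("clear-text") is not None:
            findings.append("credential-reference holds a clear-text password")
    return findings

if __name__ == "__main__":
    print("\n".join(check_tls_chain(SAMPLE)))
```

To check a real configuration, pass the contents of standalone.xml to `check_tls_chain`; namespaced elements are matched by local name.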