The helloworld-ssl quickstart is a basic example that demonstrates server-side SSL configuration in WildFly.
What is it?
This helloworld-ssl quickstart demonstrates the configuration of SSL in WildFly Application Server.
This quickstart shows how to configure WildFly to enable TLS/SSL for the new undertow web subsystem.
Before you run this example, you must create certificates and configure the server to use SSL.
System Requirements
The application this project produces is designed to be run on WildFly Application Server 12 or later.
All you need to build this project is Java 8.0 (Java SDK 1.8) or later and Maven 3.3.1 or later. See Configure Maven to Build and Deploy the Quickstarts to make sure you are configured correctly for testing the quickstarts.
To run these quickstarts with the provided build scripts, you need the WildFly distribution ZIP. For information on how to install and run the WildFly server, see the Getting Started Guide for JBoss Enterprise Application Platform Continuous Delivery located on the Red Hat Customer Portal.
Use of WILDFLY_HOME
In the following instructions, replace WILDFLY_HOME with the actual path to your WildFly installation. The installation path is described in detail here: Use of WILDFLY_HOME and JBOSS_HOME Variables.
Generate a Keystore and Self-signed Certificate
- Open a terminal and navigate to the WildFly server configuration directory:
    $ cd WILDFLY_HOME/standalone/configuration/
- Create a certificate for your server using the following command:
    $ keytool -genkey -alias mycert -keyalg RSA -sigalg SHA256withRSA -keystore server.keystore -storepass secret -keypass secret -validity 9999
    What is your first and last name?
      [Unknown]:  localhost
    What is the name of your organizational unit?
      [Unknown]:  wildfly
    What is the name of your organization?
      [Unknown]:  jboss
    What is the name of your City or Locality?
      [Unknown]:  Raleigh
    What is the name of your State or Province?
      [Unknown]:  Carolina
    What is the two-letter country code for this unit?
      [Unknown]:  US
    Is CN=localhost, OU=wildfly, O=jboss, L=Raleigh, ST=Carolina, C=US correct?
      [no]:  yes
Make sure you enter your desired "hostname" for the first and last name field; otherwise you might run into issues while permanently accepting this certificate as an exception in some browsers. Chrome does not currently exhibit this issue.
Back Up the WildFly Standalone Server Configuration
Before you begin, back up your server configuration file.
- If it is running, stop the WildFly server.
- Back up the WILDFLY_HOME/standalone/configuration/standalone.xml file.
After you have completed testing this quickstart, you can replace this file to restore the server to its original configuration.
Start the WildFly Standalone Server
- Open a terminal and navigate to the root of the WildFly directory.
- Start the WildFly server with the default profile by typing the following command.
    $ WILDFLY_HOME/bin/standalone.sh
  Note: For Windows, use the WILDFLY_HOME\bin\standalone.bat script.
Configure the Server
You configure the SSL context by running JBoss CLI commands. For your convenience, this quickstart batches the commands into a configure-ssl.cli script provided in the root directory of this quickstart.
- Before you begin, make sure you do the following:
  - Back up the WildFly standalone server configuration as described above.
  - Start the WildFly server with the standalone default profile as described above.
- Review the configure-ssl.cli file in the root of this quickstart directory. Comments in the script describe the purpose of each block of commands.
- Open a new terminal, navigate to the root directory of this quickstart, and run the following command, replacing WILDFLY_HOME with the path to your server:
    $ WILDFLY_HOME/bin/jboss-cli.sh --connect --file=configure-ssl.cli
  Note: For Windows, use the WILDFLY_HOME\bin\jboss-cli.bat script.
  You should see the following result when you run the script:
    The batch executed successfully
    process-state: reload-required
Test the Server SSL Configuration
To test the connection to the SSL port of your server instance, open a browser and navigate to https://localhost:8443/. Note that you get a privacy error because the server certificate is self-signed. If you need to use a fully signed certificate, you must get a PEM file from the Certificate Authority and then import the PEM into the keystore. Stop the WildFly server.
Review the Modified Server Configuration
- Stop the server and open the WILDFLY_HOME/standalone/configuration/standalone.xml file and review the changes.
- The following key-store was added to the elytron subsystem:
    <key-stores>
        <key-store name="qsKeyStore">
            <credential-reference clear-text="secret"/>
            <implementation type="JKS"/>
            <file path="server.keystore" relative-to="jboss.server.config.dir"/>
        </key-store>
    </key-stores>
- The following key-manager was added to the elytron subsystem:
    <key-managers>
        <key-manager name="qsKeyManager" key-store="qsKeyStore">
            <credential-reference clear-text="secret"/>
        </key-manager>
    </key-managers>
- The following ssl-context was added to the elytron subsystem:
    <server-ssl-contexts>
        <server-ssl-context name="qsSSLContext" protocols="TLSv1.2" key-manager="qsKeyManager"/>
    </server-ssl-contexts>
- The https-listener in the undertow subsystem was changed to reference the qsSSLContext ssl-context:
    <https-listener name="https" socket-binding="https" ssl-context="qsSSLContext" enable-http2="true"/>
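One way to check these settings while reviewing the file, as an added example that is not part of the quickstart: the Python code below parses standalone.xml-style XML and reports clear-text credential references, legacy or unpinned protocols on a server-ssl-context, and any https-listener that does not reference a defined ssl-context. The SAMPLE document is constructed from the fragments above with placeholder namespace URIs, and the names audit, local, LEGACY and SAMPLE are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Elytron and Undertow fragments shown above, wrapped in
# a root element. The namespace URIs are placeholders; matching ignores them.
SAMPLE = """<server>
  <subsystem xmlns="urn:example:elytron">
    <key-stores><key-store name="qsKeyStore">
      <credential-reference clear-text="secret"/>
      <implementation type="JKS"/>
      <file path="server.keystore" relative-to="jboss.server.config.dir"/>
    </key-store></key-stores>
    <key-managers><key-manager name="qsKeyManager" key-store="qsKeyStore">
      <credential-reference clear-text="secret"/>
    </key-manager></key-managers>
    <server-ssl-contexts>
      <server-ssl-context name="qsSSLContext" protocols="TLSv1.2" key-manager="qsKeyManager"/>
    </server-ssl-contexts>
  </subsystem>
  <subsystem xmlns="urn:example:undertow">
    <https-listener name="https" socket-binding="https" ssl-context="qsSSLContext" enable-http2="true"/>
  </subsystem>
</server>"""

LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def local(elem):
    return elem.tag.rsplit("}", 1)[-1]  # element name without its {namespace}

def audit(xml_text):
    """Return a sorted list of findings for the TLS-related configuration."""
    root = ET.fromstring(xml_text)
    findings, contexts = [], set()
    for parent in root.iter():
        for child in parent:
            if local(child) == "credential-reference" and "clear-text" in child.attrib:
                findings.append(f"clear-text password in {local(parent)} {parent.get('name')}")
    for ctx in (e for e in root.iter() if local(e) == "server-ssl-context"):
        contexts.add(ctx.get("name"))
        protocols = set((ctx.get("protocols") or "").split())
        if not protocols:
            findings.append(f"ssl-context {ctx.get('name')}: protocols not pinned")
        for p in sorted(protocols & LEGACY):
            findings.append(f"ssl-context {ctx.get('name')}: legacy protocol {p}")
    for lst in (e for e in root.iter() if local(e) == "https-listener"):
        if lst.get("ssl-context") not in contexts:
            findings.append(f"https-listener {lst.get('name')}: no known Elytron ssl-context")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

For the configuration shown above, the two clear-text password findings are the expected result; to check a real server, pass the contents of WILDFLY_HOME/standalone/configuration/standalone.xml to audit().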
Build and Deploy the Quickstart
- Make sure you start the WildFly server as described above.
- Open a terminal and navigate to the root directory of this quickstart.
- Type the following command to build the artifacts.
    $ mvn clean package wildfly:deploy
  This deploys the helloworld-ssl/target/helloworld-ssl.war to the running instance of the server.
You should see a message in the server log indicating that the archive deployed successfully.
Access the Application
The application will be running at the following URL: https://localhost:8443/helloworld-ssl/.
Undeploy the Quickstart
When you are finished testing the quickstart, follow these steps to undeploy the archive.
- Make sure you start the WildFly server as described above.
- Open a terminal and navigate to the root directory of this quickstart.
- Type this command to undeploy the archive:
    $ mvn wildfly:undeploy
Restore the WildFly Standalone Server Configuration
You can restore the original server configuration using either of the following methods.
- You can run the restore-configuration.cli script provided in the root directory of this quickstart.
- You can manually restore the configuration using the backup copy of the configuration file.
Restore the WildFly Standalone Server Configuration by Running the JBoss CLI Script
- Start the WildFly server as described above.
- Open a new terminal, navigate to the root directory of this quickstart, and run the following command, replacing WILDFLY_HOME with the path to your server:
    $ WILDFLY_HOME/bin/jboss-cli.sh --connect --file=restore-configuration.cli
  Note: For Windows, use the WILDFLY_HOME\bin\jboss-cli.bat script.
This script reverts the changes made to the undertow subsystem and it also removes the ssl-context, key-manager, and key-store from the elytron subsystem. You should see the following result when you run the script.
    The batch executed successfully
    process-state: reload-required
Restore the WildFly Standalone Server Configuration Manually
When you have completed testing the quickstart, you can restore the original server configuration by manually restoring the backup copy of the configuration file.
- If it is running, stop the WildFly server.
- Replace the WILDFLY_HOME/standalone/configuration/standalone.xml file with the backup copy of the file.
Remove the keystore created for this quickstart
- Open a terminal and navigate to the WildFly server configuration directory.
    $ cd WILDFLY_HOME/standalone/configuration/
- Remove the keystore generated for this quickstart.
Run the Quickstart in Red Hat JBoss Developer Studio or Eclipse
You can also start the server and deploy the quickstarts or run the Arquillian tests in Red Hat JBoss Developer Studio or from Eclipse using JBoss tools. For general information about how to import a quickstart, add a WildFly server, and build and deploy a quickstart, see Use JBoss Developer Studio or Eclipse to Run the Quickstarts.
- Make sure you configure the server by running the JBoss CLI commands as described above under Configure the Server. Stop the server at the end of that step.
- Make sure you restore the server configuration when you have completed testing this quickstart.
Debug the Application
If you want to debug the source code of any library in the project, run the following command to pull the source into your local repository. The IDE should then detect it.
$ mvn dependency:sources