使用 letencrypt 证书在 Wildfly 19 上设置 ssl 证书
Setting up ssl certificate on Wildfly 19 using letencrypt certificate
我正在尝试在 wildfly 19.0.0-Final 上实现 SSL 证书,运行ning 在 CentOS 上
centos-release-7-7.1908.0.el7.centos.x86_64 with Java openjdk version "1.8.0_242"
OpenJDK 运行时环境(build 1.8.0_242-b08)
OpenJDK 64 位服务器 VM(内部版本 25.242-b08,混合模式)
我已执行以下步骤将 say https://www.example.com 域映射到我的 Wildfly 内容工资单
我的密钥库位于以下位置:
/opt/wildfly-19.0.0.Final/standalone/configuration/www.example.com.jks
正在将证书添加到服务器。
http://www.mastertheboss.com/jboss-server/jboss-security/complete-tutorial-for-configuring-ssl-https-on-wildfly
在 sh /opt/wildfly-19.0.0.Final/bin/jboss-cli.sh 登录管理控制台
连接
然后运行下面的脚本
batch
# Configure Server Keystore
/subsystem=elytron/key-store=demoKeyStore:add(path=server.keystore,relative-to=jboss.server.config.dir, credential-reference={clear-text=secret},type=JKS)
# Server Keystore credentials
/subsystem=elytron/key-manager=demoKeyManager:add(key-store=demoKeyStore,credential-reference={clear-text=secret})
# Server keystore Protocols
/subsystem=elytron/server-ssl-context=demoSSLContext:add(key-manager=demoKeyManager,protocols=["TLSv1.2"])
# This is only needed if WildFly uses by default the Legacy security realm
/subsystem=undertow/server=default-server/https-listener=https:undefine-attribute(name=security-realm)
# Store SSL Context information in undertow
/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context,value=demoSSLContext)
run-batch
reload
现在它将向配置文件添加一个 tls 部分
看起来像
<tls>
<key-stores>
<key-store name="demoKeyStore">
<credential-reference clear-text="secret"/>
<implementation type="JKS"/>
<file path="server.keystore" relative-to="jboss.server.config.dir"/>
</key-store>
</key-stores>
<key-managers>
<key-manager name="demoKeyManager" key-store="demoKeyStore">
<credential-reference clear-text="secret"/>
</key-manager>
</key-managers>
<server-ssl-contexts>
<server-ssl-context name="demoSSLContext" protocols="TLSv1.2" key-manager="demoKeyManager"/>
</server-ssl-contexts>
</tls>
停止 wildfly 以开始更改配置。
/usr/sbin/wildfly-19.0.0.Final 停止
阻止野蝇:
将其更改为
<tls>
<key-stores>
<key-store name="demoKeyStore">
<credential-reference clear-text="Some1pwD"/>
<implementation type="JKS"/>
<file path="www.example.com.jks" relative-to="jboss.server.config.dir"/>
</key-store>
</key-stores>
<key-managers>
<key-manager name="demoKeyManager" key-store="demoKeyStore">
<credential-reference clear-text="Some1pwD"/>
</key-manager>
</key-managers>
<server-ssl-contexts>
<server-ssl-context name="demoSSLContext" protocols="TLSv1.2" key-manager="demoKeyManager"/>
</server-ssl-contexts>
</tls>
/usr/sbin/wildfly-19.0.0.Final开始
当 http://www.example.com 正在工作时,我无法在 https://www.example.com 上访问 wildfly
可以使用 WildFly CLI 从 Let's Encrypt 获取证书。看看下面的博客 post,它描述了如何做到这一点:
此处第 4.3.6 节中还有其他文档:
https://docs.wildfly.org/19/WildFly_Elytron_Security.html#configure-ssltls
请注意,要使用新证书而无需重新启动服务器,您只需重新初始化您的密钥管理器(例如,/subsystem=elytron/key-manager=httpsKM:init())。
我正在尝试在 wildfly 19.0.0-Final 上实现 SSL 证书,运行ning 在 CentOS 上 centos-release-7-7.1908.0.el7.centos.x86_64 with Java openjdk version "1.8.0_242" OpenJDK 运行时环境(build 1.8.0_242-b08) OpenJDK 64 位服务器 VM(内部版本 25.242-b08,混合模式)
我已执行以下步骤将 say https://www.example.com 域映射到我的 Wildfly 内容工资单
我的密钥库位于以下位置: /opt/wildfly-19.0.0.Final/standalone/configuration/www.example.com.jks
正在将证书添加到服务器。 http://www.mastertheboss.com/jboss-server/jboss-security/complete-tutorial-for-configuring-ssl-https-on-wildfly
在 sh /opt/wildfly-19.0.0.Final/bin/jboss-cli.sh 登录管理控制台 连接
然后运行下面的脚本
batch
# Configure Server Keystore
/subsystem=elytron/key-store=demoKeyStore:add(path=server.keystore,relative-to=jboss.server.config.dir, credential-reference={clear-text=secret},type=JKS)
# Server Keystore credentials
/subsystem=elytron/key-manager=demoKeyManager:add(key-store=demoKeyStore,credential-reference={clear-text=secret})
# Server keystore Protocols
/subsystem=elytron/server-ssl-context=demoSSLContext:add(key-manager=demoKeyManager,protocols=["TLSv1.2"])
# This is only needed if WildFly uses by default the Legacy security realm
/subsystem=undertow/server=default-server/https-listener=https:undefine-attribute(name=security-realm)
# Store SSL Context information in undertow
/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context,value=demoSSLContext)
run-batch
reload
现在它将向配置文件添加一个 tls 部分
看起来像
<tls>
<key-stores>
<key-store name="demoKeyStore">
<credential-reference clear-text="secret"/>
<implementation type="JKS"/>
<file path="server.keystore" relative-to="jboss.server.config.dir"/>
</key-store>
</key-stores>
<key-managers>
<key-manager name="demoKeyManager" key-store="demoKeyStore">
<credential-reference clear-text="secret"/>
</key-manager>
</key-managers>
<server-ssl-contexts>
<server-ssl-context name="demoSSLContext" protocols="TLSv1.2" key-manager="demoKeyManager"/>
</server-ssl-contexts>
</tls>
停止 wildfly 以开始更改配置。
/usr/sbin/wildfly-19.0.0.Final 停止
阻止野蝇:
将其更改为
<tls>
<key-stores>
<key-store name="demoKeyStore">
<credential-reference clear-text="Some1pwD"/>
<implementation type="JKS"/>
<file path="www.example.com.jks" relative-to="jboss.server.config.dir"/>
</key-store>
</key-stores>
<key-managers>
<key-manager name="demoKeyManager" key-store="demoKeyStore">
<credential-reference clear-text="Some1pwD"/>
</key-manager>
</key-managers>
<server-ssl-contexts>
<server-ssl-context name="demoSSLContext" protocols="TLSv1.2" key-manager="demoKeyManager"/>
</server-ssl-contexts>
</tls>
/usr/sbin/wildfly-19.0.0.Final开始
当 http://www.example.com 正在工作时,我无法在 https://www.example.com 上访问 wildfly
可以使用 WildFly CLI 从 Let's Encrypt 获取证书。看看下面的博客 post,它描述了如何做到这一点:
此处第 4.3.6 节中还有其他文档:
https://docs.wildfly.org/19/WildFly_Elytron_Security.html#configure-ssltls
请注意,要使用新证书而无需重新启动服务器,您只需重新初始化您的密钥管理器(例如,/subsystem=elytron/key-manager=httpsKM:init())。