HTTPS for communication between the application server and the web server
First configure the SSL connector for the application server.
1. Stop the application server.
2. Start the CLI offline.
3. Update the parameters and run these commands.
By default we expect the keystore in the WildFly configuration directory (...\Server\wildfly-*\standalone\configuration), so you only need to provide the keystore name in the keystore-path parameter. If you want to use another location, provide the full path in the keystore-path parameter and remove the keystore-relative-to parameter from the command.
/core-service=management/security-realm=PlanonRealm/server-identity=ssl:add(keystore-path="yourKeystore.jks", keystore-relative-to="jboss.server.config.dir", keystore-password="changeit", alias="yourAlias", key-password="changeit")
4. Run the following command.
/subsystem=undertow/server=default-server/https-listener=HTTPs/:add(security-realm=PlanonRealm, tcp-keep-alive=true, disallowed-methods=[PUT,DELETE,OPTIONS,HEAD,TRACE,CONNECT,PATCH], max-post-size=1024000000, socket-binding=https)
5. Run the following command to update the remoting connector to use the HTTPs connector.
/subsystem=remoting/http-connector=http-remoting-connector/:write-attribute(name=connector-ref,value=HTTPs)
6. (Re)start the application server.
Client-side changes
Update the web server.
Procedure
1. You must change the remoting.xml file located in ...\Server\tomcat-*\conf. Change the URL property to reflect the changes in protocol and port number. Make sure you fill in the correct hostname and port number.
<url>https://hostname:port/rest</url>
2. Add your certificate to the client cacerts keystore if needed (for example, when it is a self-signed certificate). The keytool can be found in the following location: ...\Server\jdk-*\bin
To do so, use the following command:
keytool -cacerts -import -trustcacerts -noprompt -file path\to\your\certificate.crt -alias yourAlias -storepass changeit
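The following added example (not part of the original documentation or the product) cross-checks the values entered in the steps above before the servers are restarted: the security realm and listener name must agree across the three CLI commands, the placeholder passwords must have been replaced, and the remoting.xml URL must be https with a numeric port. The function names and the <config> wrapper element in the sample XML are assumptions; only the <url> element comes from this page.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the page's three CLI commands with its placeholders left in.
CLI_SAMPLE = '''
/core-service=management/security-realm=PlanonRealm/server-identity=ssl:add(keystore-path="yourKeystore.jks", keystore-relative-to="jboss.server.config.dir", keystore-password="changeit", alias="yourAlias", key-password="changeit")
/subsystem=undertow/server=default-server/https-listener=HTTPs/:add(security-realm=PlanonRealm, tcp-keep-alive=true, disallowed-methods=[PUT,DELETE,OPTIONS,HEAD,TRACE,CONNECT,PATCH], max-post-size=1024000000, socket-binding=https)
/subsystem=remoting/http-connector=http-remoting-connector/:write-attribute(name=connector-ref,value=HTTPs)
'''
# Constructed sample: only <url> comes from the page; the <config> wrapper is assumed.
XML_SAMPLE = '<config><url>https://hostname:port/rest</url></config>'

def params(op):
    """Parse the key=value arguments of one CLI operation (values must not contain commas)."""
    body = op[op.index('(') + 1:op.rindex(')')]
    body = re.sub(r'\[[^\]]*\]', '[]', body)  # collapse list values before splitting
    return {k.strip(): v.strip().strip('"')
            for k, v in (p.split('=', 1) for p in body.split(','))}

def check(cli_text, remoting_xml):
    """Return a list of findings; an empty list means the steps are consistent."""
    ops = [l.strip() for l in cli_text.splitlines() if '(' in l]
    ssl_op = next(o for o in ops if 'server-identity=ssl' in o)
    listener = next(o for o in ops if 'https-listener=' in o)
    remoting = next(o for o in ops if 'http-connector=' in o)
    findings = []
    for key in ('keystore-password', 'key-password'):
        if params(ssl_op).get(key) == 'changeit':
            findings.append(f'{key} still has the documentation placeholder')
    realm = re.search(r'security-realm=([^/]+)/', ssl_op).group(1)
    if params(listener).get('security-realm') != realm:
        findings.append('https-listener references a different security realm')
    name = re.search(r'https-listener=([^/:]+)', listener).group(1)
    if params(remoting).get('value') != name:
        findings.append('connector-ref does not match the https-listener name')
    url = urlsplit(ET.fromstring(remoting_xml).findtext('.//url', '').strip())
    try:
        has_port = url.port is not None
    except ValueError:  # non-numeric port such as the literal "port"
        has_port = False
    if url.scheme != 'https':
        findings.append('remoting.xml URL does not use https')
    if not has_port:
        findings.append('remoting.xml URL has no explicit numeric port')
    return findings

if __name__ == '__main__':
    for finding in check(CLI_SAMPLE, XML_SAMPLE):
        print('FINDING:', finding)
```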