AMRIT

SSL Configuration for WildFly


Last updated 3 months ago

Introduction

Configuring SSL on WildFly is an essential step to ensure secure communication between clients and servers. SSL (Secure Sockets Layer) uses encryption to protect data transmitted over the network, safeguarding it from eavesdropping and tampering. By integrating SSL into your WildFly application server, you enhance security by enabling encrypted connections that authenticate identity and encrypt data. The configuration process involves generating a certificate request, installing the intermediate and primary certificates, and updating server settings to enforce secure communication channels. This setup helps in maintaining data integrity and confidentiality for our applications.

Steps

Step 1:

Create a certificate request CSR (Certificate Signing Request) and private key.

Step 2:

After sharing the CSR file with the vendor, we will get a .ZIP file containing 3 certificates:

· Intermediate certificate: CA_emSign SSL CA - G1.cer

· Domain certificate: EndEntity_wc.piramalswasthya.org.cer

· Root certificate: RootCA_emSign Root CA - G1.cer

Combine the three certificates into a single cert file (add each cert on a new line and add an empty line at the end) using Notepad.

Save the certificate chain as wildcard.crt.

Step 3:

Download and install Keystore Explorer from

Generate the *.jks file using the above two files (wildcard.crt, wildcard_key.key).

Follow the PDF document attached below.

Verify the configuration in the standalone.xml file:

  • TLS BLOCK

  • INTERFACES BLOCK

  • SOCKET BINDING BLOCK

<tls>
    <key-stores>
        <key-store name="applicationKS">
            <!-- "password" stands for the keystore password, which this form stores in clear text -->
            <credential-reference clear-text="password"/>
            <implementation type="JKS"/>
            <!-- wildcard.jks is the keystore generated in Step 3 -->
            <file path="wildcard.jks" relative-to="jboss.server.config.dir"/>
        </key-store>
    </key-stores>
    <key-managers>
        <key-manager name="applicationKM" key-store="applicationKS" generate-self-signed-certificate-host="*.piramalswasthya.org (emsign ssl ca - g1)">
            <credential-reference clear-text="password"/>
        </key-manager>
    </key-managers>
    <server-ssl-contexts>
        <server-ssl-context name="applicationSSC" key-manager="applicationKM"/>
    </server-ssl-contexts>
</tls>

<interfaces>
    <!-- any-address binds the interface to every network address on the host -->
    <interface name="management">
        <any-address/>
    </interface>
    <interface name="public">
        <any-address/>
    </interface>
</interfaces>

<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
    <!-- other socket bindings omitted -->
    <socket-binding name="https" port="${jboss.https.port:443}"/>
    <!-- other socket bindings omitted -->
</socket-binding-group>

Step 5:

Stop WildFly and then stop Redis.

Update the jks file under the WildFly configuration folder.

Start Redis and then start WildFly.

Step 6:

Verify the SSL from here (ssl checker).

Attachment: SSL RENEWAL PROCESS.pdf (pdf, 640KB)
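A preflight check for Steps 2 and 3, as an added example that is not part of the AMRIT documentation: because the chain is assembled by hand, it confirms that wildcard.crt is ordered domain, intermediate, root (the conventional order, which the page does not spell out) and that wildcard_key.key matches the domain certificate before the files go into the keystore. The function names and the throwaway demo chain are constructed for illustration; the script assumes the openssl CLI is installed.

```shell
#!/bin/sh
# Added example, not AMRIT project code. Requires the openssl CLI.

# Split PEM bundle $1 into $2/cert-1.pem, cert-2.pem, ...; print the count.
split_bundle() {
    awk -v d="$2" '/-----BEGIN CERTIFICATE-----/ { n++ }
        n { print > (d "/cert-" n ".pem") }
        END { print n + 0 }' "$1"
}

# Succeed only if every certificate in bundle $1 was issued by the next one
# (domain -> intermediate -> root, the conventional chain order).
chain_in_order() {
    d=$(mktemp -d) || return 2
    n=$(split_bundle "$1" "$d"); i=1; rc=0
    [ "$n" -ge 2 ] || rc=1
    while [ "$i" -lt "$n" ]; do
        iss=$(openssl x509 -in "$d/cert-$i.pem" -noout -issuer_hash 2>/dev/null)
        sub=$(openssl x509 -in "$d/cert-$((i + 1)).pem" -noout -subject_hash 2>/dev/null)
        { [ -n "$iss" ] && [ "$iss" = "$sub" ]; } || rc=1
        i=$((i + 1))
    done
    rm -rf "$d"; return "$rc"
}

# Succeed only if private key $1 belongs to the first certificate in $2.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Constructed sample input: a throwaway three-level chain written to dir $1.
make_demo() (
    cd "$1" && exec 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root" -keyout root.key -out root.crt &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate" -keyout inter.key -out inter.csr &&
    openssl x509 -req -in inter.csr -CA root.crt -CAkey root.key -CAcreateserial -days 2 -out inter.crt &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=*.example.test" -keyout wildcard_key.key -out wildcard.csr &&
    openssl x509 -req -in wildcard.csr -CA inter.crt -CAkey inter.key -CAcreateserial -days 2 -out leaf.crt &&
    cat leaf.crt inter.crt root.crt > wildcard.crt &&   # correct order
    cat root.crt inter.crt leaf.crt > reversed.crt      # wrong order
)

W=$(mktemp -d) && make_demo "$W"
chain_in_order "$W/wildcard.crt" && echo "wildcard.crt: chain order OK"
chain_in_order "$W/reversed.crt" || echo "reversed.crt: chain order WRONG"
key_matches_cert "$W/wildcard_key.key" "$W/wildcard.crt" && echo "key matches domain certificate"
rm -rf "$W"
```

To check the real files, call `chain_in_order wildcard.crt` and `key_matches_cert wildcard_key.key wildcard.crt` from the folder that holds them.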