How to set up SSL in JBoss WildFly 8.1

I have configured SSL in JBoss WildFly 8.1. I created the keystore files and updated the standalone.xml file as shown below:

<security-realm name="security-realm">
  <server-identities> 
     <ssl> 
        <keystore path="security/keystore.jks" relative-to="jboss.server.config.dir" keystore-password="changeit" key-password="changeit"/> 
     </ssl>
  </server-identities> 
</security-realm>


The keystore-password and key-password are in the clear. We simply cannot show them in clear text. I want to encrypt my password. I have tried a lot but haven't been successful. So can anyone help me with how to encrypt this password and how to use it in the standalone.xml file?


1 answer


You can mask passwords for WildFly using the VaultTool.

The VaultTool shipped with the WildFly application server is used to create and manage a vault for protected attributes (e.g. passwords), which can then be referenced in masked form from the WildFly configuration files.

This way, users can put references to their protected attributes in the configuration files instead of the values themselves in plain text.

First, you need to create a Java keystore to store the sensitive strings:

$ keytool -genseckey -alias vault -storetype jceks -keyalg AES -keysize 128 -storepass vault22 -keypass vault22 -validity 730 -keystore WILDFLY_HOME/vault/vault.keystore


Then initialize the Password Vault and store the password for the SSL keystore:

wildfly-8.1.0.Final/bin$ sh vault.sh

=========================================================================

  JBoss Vault Tool
  JBOSS_HOME: "wildfly-8.1.0.Final"
  JAVA: ""
  JAVA_OPTS: ""

=========================================================================

**********************************
****  JBoss Vault  ***************
**********************************
Please enter a Digit::   0: Start Interactive Session   1: Remove Interactive Session  2: Exit
0
Starting an interactive session
Enter directory to store encrypted files:/home/fsierra/vault/
Enter Keystore URL:home/fsierra/vault/vault.keystore
Enter Keystore password:
Enter Keystore password again:
Values match
Enter 8 character salt:12345678
Enter iteration count as a number (e.g.: 44):17
Enter Keystore Alias:Vault
Initializing Vault
ene 13, 2015 12:42:48 PM org.picketbox.plugins.vault.PicketBoxSecurityVault init
INFO: PBOX000361: Default Security Vault Implementation Initialized and Ready
Vault Configuration in WildFly configuration file:
********************************************
...
</extensions>
<vault>
  <vault-option name="KEYSTORE_URL" value="/home/fsierra/vault/vault.keystore"/>
  <vault-option name="KEYSTORE_PASSWORD" value="MASK-49SI2WfwF1X"/>
  <vault-option name="KEYSTORE_ALIAS" value="Vault"/>
  <vault-option name="SALT" value="12345678"/>
  <vault-option name="ITERATION_COUNT" value="17"/>
  <vault-option name="ENC_FILE_DIR" value="/home/fsierra/vault/"/>
</vault><management> ...
********************************************
Vault is initialized and ready for use
Handshake with Vault complete
Please enter a Digit::   0: Store a secured attribute  1: Check whether a secured attribute exists  2: Exit
0
Task: Store a secured attribute
Please enter secured attribute value (such as password):
Please enter secured attribute value (such as password) again:
Values match
Enter Vault Block:keystore
Enter Attribute Name:password
Secured attribute value has been stored in Vault.
Please make note of the following:
********************************************
Vault Block:keystore
Attribute Name:password
Configuration should be done as follows:
VAULT::keystore::password::1
********************************************
Please enter a Digit::   0: Store a secured attribute  1: Check whether a secured attribute exists  2: Exit

Finally, the keystore password has been masked and can be referenced from configuration files and deployments.

For example (standalone.xml):

<extensions>  
    ...  
</extensions>  
<vault>  
    <vault-option name="KEYSTORE_URL" value="/home/fsierra/vault/vault.keystore"/>
    <vault-option name="KEYSTORE_PASSWORD" value="MASK-49SI2WfwF1X"/>
    <vault-option name="KEYSTORE_ALIAS" value="Vault"/>
    <vault-option name="SALT" value="12345678"/>
    <vault-option name="ITERATION_COUNT" value="17"/>
    <vault-option name="ENC_FILE_DIR" value="/home/fsierra/vault/"/>
</vault>
<management>
    <security-realms>
        ...

        <security-realm name="SslRealm">
            <server-identities>
                    <ssl>
                        <keystore path="ssl.jks" relative-to="jboss.server.config.dir" keystore-password="${VAULT::keystore::password::1}"/>
                    </ssl>
            </server-identities>
        </security-realm>
    </security-realms>
</management>

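After moving the keystore password into the vault, the remaining check is that no cleartext secret was left behind anywhere in standalone.xml. The following script is an added example, not code from the original answer or from WildFly itself. It parses a constructed sample configuration embedded in the script (assumed to follow the urn:jboss:domain:* namespaced layout WildFly 8.x uses) and reports every password-bearing attribute or element that is not a `${VAULT::block::attribute::key}` reference, has stray whitespace (as the `key-password=" changeit"` in the question does), or references a vault that is not configured. The list of secret-carrying attribute names is an assumption to extend for your own subsystems.

```python
# Added example (not from the original answer): audit a WildFly standalone.xml
# for secrets that are still in cleartext after moving them into the vault.
# Assumptions: the file uses WildFly 8.x's urn:jboss:domain:* namespaces, and
# the attribute/element names listed below are where secrets live in your config.
import re
import xml.etree.ElementTree as ET

# The reference syntax vault.sh prints: ${VAULT::<vault-block>::<attribute>::<shared-key>}
VAULT_REF = re.compile(r"^\$\{VAULT::[^:}]+::[^:}]+::[^:}]+\}$")

# Attributes that carry secrets in a WildFly config (assumed list; extend for your subsystems).
SECRET_ATTRS = ("keystore-password", "key-password", "password", "search-credential")

# Constructed sample: one realm already vaulted, one still in cleartext (with the
# stray space in key-password from the question), and one datasource in cleartext.
SAMPLE_XML = """<server xmlns="urn:jboss:domain:2.1">
  <vault>
    <vault-option name="KEYSTORE_URL" value="/home/fsierra/vault/vault.keystore"/>
    <vault-option name="KEYSTORE_PASSWORD" value="MASK-49SI2WfwF1X"/>
    <vault-option name="KEYSTORE_ALIAS" value="Vault"/>
    <vault-option name="SALT" value="12345678"/>
    <vault-option name="ITERATION_COUNT" value="17"/>
    <vault-option name="ENC_FILE_DIR" value="/home/fsierra/vault/"/>
  </vault>
  <management>
    <security-realms>
      <security-realm name="SslRealm">
        <server-identities><ssl>
          <keystore path="ssl.jks" relative-to="jboss.server.config.dir"
                    keystore-password="${VAULT::keystore::password::1}"/>
        </ssl></server-identities>
      </security-realm>
      <security-realm name="LegacyRealm">
        <server-identities><ssl>
          <keystore path="security/keystore.jks" relative-to="jboss.server.config.dir"
                    keystore-password="changeit" key-password=" changeit"/>
        </ssl></server-identities>
      </security-realm>
    </security-realms>
  </management>
  <profile>
    <subsystem xmlns="urn:jboss:domain:datasources:2.0">
      <datasource jndi-name="java:jboss/datasources/AppDS" pool-name="AppDS">
        <security><user-name>app</user-name><password>app-secret</password></security>
      </datasource>
    </subsystem>
  </profile>
</server>"""

# Same file with the vault's KEYSTORE_URL option missing, to exercise that check.
NO_VAULT_XML = SAMPLE_XML.replace('name="KEYSTORE_URL"', 'name="KEYSTORE_URL_MISSING"')


def local(tag):
    """Strip the {namespace} prefix ElementTree prepends to every tag."""
    return tag.rsplit("}", 1)[-1]


def vault_configured(root):
    """True if a <vault> element with a KEYSTORE_URL option exists in the tree."""
    for el in root.iter():
        if local(el.tag) == "vault":
            return any(local(o.tag) == "vault-option" and o.get("name") == "KEYSTORE_URL"
                       for o in el)
    return False


def classify(value, has_vault):
    """Return None if the secret value is acceptable, else a short issue string."""
    if value != value.strip():
        return "leading/trailing whitespace"
    if VAULT_REF.match(value):
        return None if has_vault else "vault reference but no <vault> configured"
    return "cleartext"


def audit(xml_text):
    """Return (tag, attribute, issue) for every secret that is not a clean vault reference."""
    root = ET.fromstring(xml_text)
    has_vault = vault_configured(root)
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        for attr in SECRET_ATTRS:                      # attribute-carried secrets
            value = el.get(attr)
            if value is not None:
                issue = classify(value, has_vault)
                if issue:
                    findings.append((tag, attr, issue))
        if tag == "password" and el.text:              # element-carried secrets (datasources)
            issue = classify(el.text, has_vault)
            if issue:
                findings.append((tag, "(text)", issue))
        if tag == "vault-option" and el.get("name") == "KEYSTORE_PASSWORD":
            if not el.get("value", "").startswith("MASK-"):   # the vault's own password
                findings.append((tag, "KEYSTORE_PASSWORD", "cleartext"))
    return findings


if __name__ == "__main__":
    for tag, where, issue in audit(SAMPLE_XML):
        print(f"{tag} {where}: {issue}")
```

Run it against a real file by replacing `SAMPLE_XML` with the contents of `standalone.xml`; an empty result means every secret the script knows about is a vault reference and the `<vault>` block is present. Note that the vault only hides the values from the configuration file: anyone who can read `vault.keystore` together with the SALT and ITERATION_COUNT in standalone.xml can recover them, so restrict file permissions on the vault directory and the configuration just as you would on the original cleartext.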