
I've created a CSR using a keystore file, which was created on my local system.

Once I've received CertificateBundle2.crt & ServerCertificate.crt from the CA, i.e. Entrust, I'll be using Wildfly 8 as the application server.

I followed the https://www.entrust.com/get-support/ssl-certificate-support/installation-help/ site for installation but didn't get much info. First of all, I'm not sure which server type I should use.

Vish
  • This Q is not about programming as defined for StackOverflow. It **may** be more appropriate on the S.E. related sites http://serverfault.com OR http://SuperUser.com. Use the `flag` link at the bottom of your Q and ask the moderator to move it. Please don't post the same Q on 2 different sites. Please read http://stackoverflow.com/help/how-to-ask http://stackoverflow.com/help/dont-ask and http://stackoverflow.com/help/mcve before posting more Qs here. Good luck. – shellter Jul 20 '17 at 13:31

1 Answer


Since devs (devops, whatever) are often tasked with doing this when a sysadmin is not there, here is a good short tutorial on what to do with a crt file to get it working with WildFly:

http://reallifejava.com/configuring-ssl-in-wildfly-8/

TLDR

1) create a p12 from the crt file e.g.

    openssl pkcs12 -export -in ServerCertificate.crt -inkey yourdomain.com.key -out yourdomain.com.p12 -name default -CAfile CertificateBundle2.crt -caname root

2) import the p12 you created into java keystore

    keytool -importkeystore -deststorepass <secret password> -destkeypass <secret password> -destkeystore yourdomain.com.jks -srckeystore yourdomain.com.p12 -srcstoretype PKCS12 -srcstorepass <secret password used in csr> -alias default

3) reference keystore in standalone.xml

    <security-realm name="SslRealm">
        <server-identities>
            <ssl>
                <keystore path="yourdomain.com.jks" relative-to="jboss.server.config.dir" keystore-password="<secret password>"/>
            </ssl>
        </server-identities>
    </security-realm>

4) add listener with the https socket binding using this security realm

    <https-listener name="default-ssl" socket-binding="https" security-realm="SslRealm"/>

see also:

sprockets
  • I'm able to configure Wildfly as SSL. Only the client authentication part is pending. With a self-signed certificate I can achieve client authentication. How do I proceed with the trusted certificate which I received from the CA? – Vish Jul 21 '17 at 07:19
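
Checks to run around step 1 of the answer above, as an added example that is not part of the original post or the linked tutorial: confirm that the private key belongs to ServerCertificate.crt, that the certificate was issued by a CA in CertificateBundle2.crt, and count the certificates that ended up in the .p12. The function names are hypothetical, the key is assumed to be an unencrypted PEM file, and the sample PKI is constructed for the example.

```shell
#!/bin/sh
# Added example: checks around step 1. Function names are hypothetical.

# True when the private key and the certificate carry the same public key.
key_matches_cert() {    # key_matches_cert <key.pem> <cert.pem>
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# True when the certificate was issued by a CA found in the bundle.
# -partial_chain accepts a bundle that holds intermediates but no root.
issued_by_bundle() {    # issued_by_bundle <bundle.pem> <cert.pem>
    openssl verify -partial_chain -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Number of certificates inside a PKCS#12 file (server certificate plus chain).
# Prints 0 when the file cannot be opened with the given password.
p12_cert_count() {      # p12_cert_count <file.p12> <password>
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE' || true
}

# Constructed sample input: a throwaway CA and server certificate in directory $1.
make_sample_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=yourdomain.com" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -days 1 -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -out "$1/server.crt" 2>/dev/null
}

# Usage: sh preflight.sh yourdomain.com.key ServerCertificate.crt CertificateBundle2.crt
if [ "$#" -eq 3 ]; then
    if key_matches_cert "$1" "$2"; then echo "key matches certificate"
    else echo "key does NOT match certificate"; fi
    if issued_by_bundle "$3" "$2"; then echo "certificate issued by bundle"
    else echo "certificate NOT issued by a CA in the bundle"; fi
fi
```

A count of 1 from `p12_cert_count` means only the server certificate is in the file; `-certfile CertificateBundle2.crt` on the export command adds the bundle's certificates.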