Java Reference
In-Depth Information
Enabling the Secure Socket Layer on WildFly
WildFly uses the
Java Secure Socket Extension
(
JSSE
), which is bundled in the Java SE
to leverage the SSL/TLS communication.
An Enterprise application can be secured at two different locations: the HTTP level for web
applications, and the RMI level for applications using EJB. HTTP communication is
handled by the web subsystem within the
standalone.xml
/
domain.xml
file. Secur-
ing the RMI transport is, on the other hand, not always a compelling requirement of your
applications. Actually, in most production environments, WildFly is placed behind a fire-
wall.
As you can see from the following diagram, this implies that your EJBs are not directly ex-
posed to untrusted networks, which usually connect through the web server placed in a de-
militarized zone:
In order to get started with WildFly and SSL, we need a tool that generates a public/private
key pair in the form of an x.509 certificate for use by the SSL server sockets. This is
covered in the next section.
Certificate management tools
One tool that can be used to set up a digital certificate is
keytool
, a key and certificate man-
agement utility that ships with the Java SE. It enables users to administer their own public/
private key pairs and associated certificates for use in self-authentication (where the user
authenticates himself or herself to other users or services) or data integrity and authentica-
