We just have to replace the path we used with our actual JDK path and use the client
store's password in order to complete this operation (the default value is changeit).
Otherwise, if you want to import the certificate into a newly created truststore
object, just substitute the cacerts destination with your client's truststore object.
keytool -import -v -trustcacerts -alias wflyAlias -file sslPublicKey.cer -keystore jbossClient.keystore -keypass clientPassword -storepass clientPassword
Note
If you choose the latter option, you need to add the following properties to your client's
JDK arguments, which will override the default JDK's truststore object:
java -Djavax.net.ssl.trustStore=<truststorefile> -Djavax.net.ssl.trustStorePassword=<password>
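The following is an added example, not code from the original text: it checks that the import above produced a trusted certificate entry and builds an SSLContext that trusts only that truststore, instead of overriding the truststore for the whole JVM. The class TruststoreCheck and its method names are hypothetical; the file name, alias and password are the ones used in the keytool command above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example: inspects the client truststore created with keytool.
public class TruststoreCheck {

    // Loads the store with the JDK default type, which keytool also uses when -storetype is omitted.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password); // IOException here means a wrong password or a modified file
        }
        return ks;
    }

    // Returns the SHA-256 fingerprint of the trusted certificate stored under the alias.
    static String fingerprint(KeyStore ks, String alias) throws Exception {
        if (!ks.isCertificateEntry(alias)) {
            throw new IllegalStateException("No trusted certificate entry named " + alias);
        }
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(ks.getCertificate(alias).getEncoded());
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) {
            hex.append(String.format("%02X:", b));
        }
        return hex.substring(0, hex.length() - 1);
    }

    // Builds a TLS context whose trust anchors come only from this store:
    // the per-connection counterpart of -Djavax.net.ssl.trustStore.
    static SSLContext contextFor(KeyStore ks) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Values taken from the keytool command on this page; adjust them to your own store.
        KeyStore ks = load("jbossClient.keystore", "clientPassword".toCharArray());
        System.out.println("wflyAlias SHA-256: " + fingerprint(ks, "wflyAlias"));
        System.out.println("Context protocol: " + contextFor(ks).getProtocol());
    }
}
```

The printed fingerprint can be compared with the SHA256 value shown by keytool -printcert -file sslPublicKey.cer to confirm that the certificate in the truststore is the one the server exported.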
Creating an SSL-aware security realm
Within WildFly, security realms are used to secure access to the management interfaces,
HTTP interface, and remote JNDI and EJB access. Within a security realm, it is also
possible to define an identity for the server; this identity can be used for both inbound
connections to the server and outbound connections being established by the server.
Therefore, in order to enable SSL communication for our EJB communication and HTTP,
we will define a security realm (named EJBRealm) that is bound to a server identity,
which references the server's keystore object, shown as follows:
<security-realm name="EJBRealm">
    <server-identities>
        <ssl>
            <keystore path="jboss.keystore"
                      relative-to="jboss.server.config.dir"
                      keystore-password="mypassword"/>
        </ssl>
    </server-identities>
    <authentication>
        <jaas name="ejb-security-domain"/>
    </authentication>
</security-realm>