Accessing Squore via HTTPS

You can configure WildFly to serve Squore Server over HTTPS instead of HTTP by following the instructions below.

Note

These instructions are based on the standard WildFly instructions for securing the web server, available at https://docs.jboss.org/author/display/WFLY10/Security+Realms#SecurityRealms-DetailedConfiguration. They use a self-signed certificate managed in the Java keystore, which may show a warning in users' browsers.

If your company supplies its own certificate and you want to import it instead of generating one, refer to the instructions in the section called “Key and Certificate Management”.

Tip

It is also possible to use Apache as a reverse proxy on top of Squore Server to achieve the same result. For more information, consult the section called “Proxying Squore Server with Apache”.

  1. Generate a secret key/certificate and store it in a file called a "key store" (foo.keystore in the current directory). The certificate is valid for 30 years (10950 days). The password used for encryption in this example is "secret". One important issue is the common name (CN) of the certificate, which the keytool prompt refers to as "first and last name". It should match the name of the web server, or some browsers like IE will claim the certificate is invalid even though you may have accepted it already.

    $ keytool -genkey -alias foo -keyalg RSA -keystore foo.keystore -validity 10950
    Enter keystore password: secret
    Re-enter new password: secret
    What is your first and last name?
      [Unknown]:  foo.acme.com
    What is the name of your organizational unit?
      [Unknown]:  Foo
    What is the name of your organization?
      [Unknown]:  acme corp
    What is the name of your City or Locality?
      [Unknown]:  Duckburg
    What is the name of your State or Province?
      [Unknown]:  Duckburg
    What is the two-letter country code for this unit?
      [Unknown]:  WD
    Is CN=foo.acme.com, OU=Foo, O=acme corp, L=Duckburg, ST=Duckburg, C=WD correct?
      [no]:  yes
    
    Enter key password for <foo> secret
        (RETURN if same as keystore password):  
    Re-enter new password: secret
  2. Create a new security realm in WildFly's <SQUORE_HOME>/server/standalone/configuration/standalone.xml to configure an SSL Server identity:

    <management>
    	<security-realms>
    		<security-realm name="SslRealm">
    			<server-identities>
    				<ssl>
    					<keystore path="/path/to/foo.keystore" keystore-password="keystore_password" alias="foo" key-password="key_password" />
    				</ssl>
    			</server-identities>
    		</security-realm>
    		<security-realm name="ManagementRealm">
    		...
    		</security-realm>
    	</security-realms>
    </management>

    Tip

    You can use a relative path to the keystore file if you add a relative-to="jboss.server.config.dir" attribute to your keystore element.

  3. Add an HTTPS listener next to the default HTTP listener in <SQUORE_HOME>/server/standalone/configuration/standalone.xml:

    <http-listener [...] name="default" socket-binding="http" [...] />
    <https-listener name="default-ssl" socket-binding="https" security-realm="SslRealm"/>

    Note

    Alternatively, if you want to completely disable HTTP access, remove the http-listener element.

  4. Start Squore Server. The SSL port is 8443 + the offset selected at installation. By default you should therefore be able to access the web interface via https://localhost:8543 in your browser.
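
To confirm that the edits from steps 2 and 3 are wired together before starting the server, the following added example (not part of the Squore or WildFly documentation) parses a standalone.xml and reports an HTTPS listener whose security realm is undefined or has no SSL keystore, as well as any plain HTTP listener left enabled. The sample document, its namespace URIs and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not a real Squore file): steps 2 and 3 combined.
SAMPLE = """<server xmlns="urn:jboss:domain:4.0">
 <management><security-realms>
  <security-realm name="SslRealm"><server-identities><ssl>
   <keystore path="/path/to/foo.keystore" keystore-password="keystore_password" alias="foo" key-password="key_password"/>
  </ssl></server-identities></security-realm>
  <security-realm name="ManagementRealm"/>
 </security-realms></management>
 <profile><subsystem xmlns="urn:jboss:domain:undertow:3.0"><server name="default-server">
  <http-listener name="default" socket-binding="http"/>
  <https-listener name="default-ssl" socket-binding="https" security-realm="SslRealm"/>
 </server></subsystem></profile>
</server>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree adds to tag names."""
    return tag.rsplit("}", 1)[-1]

def find_all(root, name):
    return [e for e in root.iter() if local(e.tag) == name]

def ssl_keystore(realm):
    """Return the realm's server-identities/ssl/keystore element, or None."""
    nodes = [realm]
    for step in ("server-identities", "ssl", "keystore"):
        nodes = [c for n in nodes for c in n if local(c.tag) == step]
    return nodes[0] if nodes else None

def check_https_config(xml_text):
    """Return findings about the HTTPS listener wiring in a standalone.xml."""
    root = ET.fromstring(xml_text)
    realms = {r.get("name"): ssl_keystore(r) for r in find_all(root, "security-realm")}
    listeners = find_all(root, "https-listener")
    findings = [] if listeners else ["no https-listener defined"]
    for lst in listeners:
        name, realm = lst.get("name"), lst.get("security-realm")
        if realm not in realms:
            findings.append(f"{name}: security realm {realm!r} is not defined")
        elif realms[realm] is None:
            findings.append(f"{name}: security realm {realm!r} has no ssl keystore")
    for lst in find_all(root, "http-listener"):
        findings.append(f"{lst.get('name')}: plain HTTP listener is still enabled")
    return findings

if __name__ == "__main__":
    print(check_https_config(SAMPLE))
```

An empty list means the HTTPS listener resolves to a realm with a keystore and no HTTP listener remains; the check does not open the keystore or validate the certificate itself.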