| 1 | +--- |
| 2 | +layout: post |
| 3 | +title: 'Introduction to a GUI wizard to configure TLS in WildFly' |
| 4 | +date: 2025-04-17 |
| 5 | +tags: tls |
| 6 | +synopsis: Learn how to use a GUI wizard to configure one-way TLS in WildFly. |
| 7 | +author: theashiot |
| 8 | +--- |
| 9 | + |
| 10 | +:toc: macro |
| 11 | +:toc-title: |
| 12 | + |
| 13 | +This blog post introduces a stand-alone GUI wizard called "TLS wizard". By using the wizard, you can enable one-way TLS for applications deployed to WildFly as well as the WildFly management interfaces. The wizard guides you through creating a self-signed certificate, which the wizard uses to configure one-way TLS. |
| 14 | + |
| 15 | +toc::[] |
| 16 | + |
| 17 | +== Prerequisites |
| 18 | + |
| 19 | +To follow along with this guide, you will need: |
| 20 | + |
| 21 | +* Roughly 5 minutes. |
| 22 | +* WildFly application server installed |
| 23 | +* Maven installed. |
| 24 | + |
| 25 | +== The TLS wizard |
| 26 | + |
| 27 | +The wizard is available at this link https://github.com/wildfly-security-incubator/tlswizard[tlswizard]. |
| 28 | + |
| 29 | +To obtain the wizard, clone the tlswizard repository: |
| 30 | + |
| 31 | +[source] |
| 32 | +---- |
| 33 | +$ git clone git@github.com:wildfly-security-incubator/tlswizard.git |
| 34 | +---- |
| 35 | + |
| 36 | +Alternatively, you can download the ZIP archive of the application as follows: |
| 37 | + |
| 38 | +. Navigate to https://github.com/wildfly-security-incubator/tlswizard[] |
| 39 | +. Click the *<> Code* button. |
| 40 | +. Click *Download ZIP*. |
| 41 | +. Extract the application from the downloaded archive. |
| 42 | + |
| 43 | +== Using the application |
| 44 | + |
| 45 | +You can enable one-way TLS for applications deployed to WildFly or the WildFly management interface by following these steps: |
| 46 | + |
| 47 | +. Start the WildFly server. |
| 48 | +. Navigate to the application directory `tlswizard`. |
| 49 | +. Launch the application: |
| 50 | ++ |
| 51 | +[code] |
| 52 | +---- |
| 53 | +$ mvn clean javafx:run |
| 54 | +---- |
| 55 | + |
| 56 | +. Enter the IP for the server. The default is `127.0.0.1` (localhost). For local WildFly deployments, you don't need to update this. |
| 57 | + |
| 58 | +. Select `applications` or `management interfaces` to secure applications or management interfaces. |
| 59 | + |
| 60 | +. Click *Next*. |
| 61 | + |
| 62 | +. Enter a name for the key store to create with the `.pkcs12` extension. |
| 63 | + |
| 64 | +. Enter details for the certificate to be generated. If you don't, all the values are set to `unknown`. |
| 65 | + |
| 66 | +. Click *Configure TLS*. |
| 67 | + |
| 68 | +. To verify TLS, do this: |
| 69 | + |
| 70 | +** If you secure applications: Navigate to link:https://localhost:8443[]. Inspect the certificate. The `Common Name (CN)` should match the first and last name you entered. |
| 71 | + |
| 72 | +** If you secured the management interface: Navigate to link:http://localhost:9990[]. You will be redirected to `localhost:9993` Inspect the certificate. The `Common Name (CN)` should match the first and last name you entered. |
| 73 | + |
| 74 | +== Resources |
| 75 | +* https://docs.wildfly.org/36/WildFly_Elytron_Security.html#configure-ssltls[WildFly documentation for configuring SSL/TLS] |
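Review bot: The verification step (new lines 68-72) sends readers to `https://localhost:8443` or the redirected `localhost:9993` to inspect the certificate, but never says that the browser will flag a self-signed certificate as untrusted before the CN can be checked. Add a sentence saying the warning is expected, and that the wizard's self-signed certificate is for development and testing, pointing to the WildFly documentation under Resources for other setups. The key store step (line 62) does not say what password protects the `.pkcs12` file or where the file is written, both of which readers need in order to manage or replace it later. Smaller points: line 51 uses `[code]` where line 31 uses `[source]`, so use `[source]` in both places; line 33 clones over SSH (`git@github.com:...`), which fails for readers without a GitHub SSH key, so the HTTPS URL is the safer default; line 72 is missing a period after `localhost:9993`; lines 70 and 72 mix "secure" and "secured"; and line 22 lacks the closing period its sibling list items have.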