This article will detail the process to apply a keystore ( hosting certificates ) to a WildFly deployment. This allows the team to utilize their own certificates while implementing SSL. The process will require the utilization of both Infogix's "jboss-cli" utility and Java's "keytool" utility.
Please note, throughout this exercise we will assume the INFOGIX_HOME directory is /opt/Infogix
Prior to completing the following steps, ensure a "clean" is performed against the JVM / product. Ensuring the JVM is clean prior to performing these steps will prevent any corruptions. The "clean" script may be located within the /opt/Infogix/bin directory.
1) Create a file titled configSSLKeystore ( name being arbitrary ) with the following 4 lines placed within :
/core-service=management/security-realm=ApplicationRealm/server-identity=ssl/:write-attribute(name=keystore-path,value=<keystore name>)
/core-service=management/security-realm=ApplicationRealm/server-identity=ssl/:write-attribute(name=keystore-password,value=<password>)
/core-service=management/security-realm=ApplicationRealm/server-identity=ssl/:write-attribute(name=key-password,value=<password>)
/core-service=management/security-realm=ApplicationRealm/server-identity=ssl/:write-attribute(name=alias,value=<alias>)
Edit the <keystore name>, <password> and <alias> fields ( alias defaults to "mykey" if certificate does not have it defined ). Example as follows :
/core-service=management/security-realm=ApplicationRealm/server-identity=ssl/:write-attribute(name=keystore-path,value=/opt/Infogix/server.keystore)
/core-service=management/security-realm=ApplicationRealm/server-identity=ssl/:write-attribute(name=keystore-password,value=password)
/core-service=management/security-realm=ApplicationRealm/server-identity=ssl/:write-attribute(name=key-password,value=password)
/core-service=management/security-realm=ApplicationRealm/server-identity=ssl/:write-attribute(name=alias,value=mykey)
Please note, Java's "keytool" utility may be utilized to locate the above values, as needed. This will require access to your JAVA_HOME location, in addition to an existing keystore where the certificate resides.
keytool -list -v -keystore <keystore_location>
Edit the <keystore_location> field. Example as follows :
keytool -list -v -keystore /opt/Infogix/server.keystore
2) Once the above has been completed, you may apply these values to your WildFly deployment by utilizing the jboss-cli utility.
This can be found within your Infogix <install_home> location :
/opt/Infogix/wildfly/bin/jboss-cli
Execute the jboss-cli utility with the following values appended :
jboss-cli.sh --connect controller=<wildfly_server> --user=<wildfly_admin> --password=<wildfly_password> --file=<filename>
Please note, this will be required for both nodes if you are performing these steps within a clustered environment. For example, both the /wildfly and /wildfly2 folders will have their own jboss-cli utility which will apply changes to their respective node.
Edit the <wildfly_server>, <wildfly_admin>, <wildfly_password> and <filename> fields. Example as follows :
jboss-cli.sh --connect controller=111.111.11.111:9990 --user=admin --password=password --file=/opt/Infogix/configSSLKeystore
Please note, the above controller IP will be from the server running the specific WildFly node. The above port appended after the IP can be located within Infogix's appserver.properties (9990 is default). This value will be different for each node if being applied to a clustered environment.
If successful, the following lines will be produced for each execution of jboss-cli :
3) As long as a successful message was returned in the prior step, a deployment of the software may be performed.
The "deploy" script may be located within the /opt/Infogix/bin directory.
deploy.sh -c <JVM> <product>
Edit the <JVM> and <product> fields. Example as follows :
deploy.sh -c IGX IA
Please note, the <product> field will utilize the solution short name. The default solution short name for each product is as follows :
IA - Infogix Assure
II - Infogix Insight
ER - Infogix ER
IV - Infogix Perceive
Comments
0 comments
Please sign in to leave a comment.