10.8. Configure the Management Console for HTTPS in Standalone mode
Procedure 10.2.
- Ensure the management console binds to
HTTPS
for its interface by adding themanagement-https
configuration and removing themanagement-http
configuration.This can be done by editing thestandalone.xml
file (which is not recommended) or by using the following CLI interface commands:/core-service=management/management-interface=http-interface:write-attribute(name=secure-socket-binding, value=management-https)
/core-service=management/management-interface=http-interface:undefine-attribute(name=socket-binding)
Optional:
If you are using a customsocket-binding
group, ensure themanagement-https
binding is defined (it is present by default, bound to port9443
).<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}"> <socket-binding name="management-native" interface="management" port="${jboss.management.native.port:9999}"/> <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/> <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9443}"/>
- Generate a keypair as discussed in Section 8.4, “Generate a SSL Encryption Key and Certificate”.
- Add a
server-identities
element to thesecurity-realm
section of thestandalone.xml
configuration file of your installation.Within this element you define the protocol, the keystore path, the keystore password and alias for the key pair.Execute the following CLI command, substituting your own values for the example ones. This example assumes that the keystore is copied to the server configuration directory, which isEAP_HOME/standalone/configuration/
for a standalone server./core-service=management/security-realm=ManagementRealm/server-identity=ssl:add(keystore-path=server.keystore,keystore-relative-to=jboss.server.config.dir, keystore-password=SECRET, alias=KEY_ALIAS)
- Restart your standalone server.