10.8. Configure the Management Console for HTTPS in Standalone mode

Procedure 10.2. 

  1. Ensure the management console binds to HTTPS for its interface by adding the management-https configuration and removing the management-http configuration.
    This can be done by editing the standalone.xml file (which is not recommended) or by using the following CLI interface commands:
    /core-service=management/management-interface=http-interface:write-attribute(name=secure-socket-binding, value=management-https)
    /core-service=management/management-interface=http-interface:undefine-attribute(name=socket-binding)
  2. Optional:

    If you are using a custom socket-binding group, ensure the management-https binding is defined (it is present by default, bound to port 9443).
     <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
            <socket-binding name="management-native" interface="management" port="${jboss.management.native.port:9999}"/>
            <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
            <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9443}"/>
    
    
  3. Add a server-identities element to the security-realm section of the standalone.xml configuration file of your installation.
    Within this element you define the protocol, the keystore path, the keystore password and alias for the key pair.
    Execute the following CLI command, substituting your own values for the example ones. This example assumes that the keystore is copied to the server configuration directory, which is EAP_HOME/standalone/configuration/ for a standalone server.
    /core-service=management/security-realm=ManagementRealm/server-identity=ssl:add(keystore-path=server.keystore,keystore-relative-to=jboss.server.config.dir, keystore-password=SECRET, alias=KEY_ALIAS)
  4. Restart your standalone server.