There are three ways to configure SSL.
...
| Server | FQDN | Internal IP | External IP | Port |
|---|---|---|---|---|
| Front-End | account.mydomain.com | 10.0.0.1 | 90.100.110.120 | 443 |
| Back-End Node 1 | back-end-1.mydomain.com | 10.1.0.1 | <none> | 7080 and 7443 |
| Back-End Node 2 | back-end-2.mydomain.com | 10.1.0.2 | <none> | 7080 and 7443 |
In the different configuration modes, SSL certificates would be configured as shown in the following table:
...
For the first phase we have provided scripts that generate self-signed certificates. These can be used for testing purposes only and should be avoided in production.
Pass-Through SSL
Run the config-wildfly-domain-cert-backend.cmd script on the master node, then copy the generated keystore.pfx file to the same path on the slave node. The keystore.pfx file is generated at %WILDFLY_HOME%\domain\configuration\keystore.pfx.
```
cd /D %PROGRAMFILES%\ubisecure\customerid\tools
config-wildfly-domain-cert-backend.cmd
```
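To confirm that the keystore.pfx on the slave node is identical to the one on the master node, and to see whether it still holds a self-signed test certificate, a check like the following can be run on each node. This is an added PowerShell example, not one of the Ubisecure scripts: the function name Get-KeystoreReport is hypothetical, and it assumes that WILDFLY_HOME is set and that the operator knows the keystore password.

```powershell
# Added example (not a Ubisecure script). Get-KeystoreReport is a hypothetical helper.
# Assumes %WILDFLY_HOME% is set and the keystore password is known to the operator.
function Get-KeystoreReport {
    param(
        [string]$Path = (Join-Path $env:WILDFLY_HOME 'domain\configuration\keystore.pfx'),
        [Parameter(Mandatory)][securestring]$Password,
        [int]$WarnDays = 30
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Keystore not found: $Path"
    }

    # Hash of the file itself: must be identical on master and slave after the copy.
    $fileHash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Read the PFX without importing anything into a Windows certificate store.
    $pfx = Get-PfxData -FilePath $Path -Password $Password

    foreach ($cert in $pfx.EndEntityCertificates) {
        $daysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
        [pscustomobject]@{
            Host        = $env:COMPUTERNAME
            FileSha256  = $fileHash
            Subject     = $cert.Subject
            Issuer      = $cert.Issuer
            SelfSigned  = ($cert.Subject -eq $cert.Issuer)   # heuristic: subject equals issuer
            NotAfter    = $cert.NotAfter
            DaysLeft    = $daysLeft
            ExpiresSoon = ($daysLeft -lt $WarnDays)
        }
    }
}

# Run on each node and compare FileSha256 between them.
$report = Get-KeystoreReport -Password (Read-Host 'Keystore password' -AsSecureString)
$report | Format-List
if ($report | Where-Object SelfSigned) {
    Write-Warning 'Keystore contains a self-signed certificate: suitable for testing only.'
}
```

A differing FileSha256 between the two nodes means the copy was incomplete or a different keystore is in place.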
Encrypt traffic separately between Front-End and Back-End servers.
These scripts generate self-signed SSL certificates that use each host's IP address in the CN field.
On the Master Node, run config-wildfly-domain-cert-master.cmd.
...
The keystore is registered to WildFly in the next step.
Securing other Back-End connections
Ubisecure CustomerID can be configured to make calls to third-party software during the user registration workflows. Typically, data entered by the user is verified against a CRM or other backend service to determine which access rights the user should automatically be given based on an existing service agreement.
...