Steps
Table of Contents | ||
---|---|---|
|
...
FQDN | Internal IP | External IP | Port | |
---|---|---|---|---|
Front-End | account.mydomain.com | 10.0.0.1 | 90.100.110.120 | 443 |
Back-End Node 1 | back-end-1.mydomain.com | 10.1.0.1 | <none> | 7080 and 7443 |
Back-End Node 2 | back-end-2.mydomain.com | 10.1.0.2 | <none> | 7080 and 7443 |
In the different configuration modes, SSL Certificates would be configured as shown in the following table
...
C) Encrypt traffic separately between Front-End and Back-End servers.
These scripts will generate self-signed SSL certificates that uses each host's IP address in the cn-field.
On the Master Node, run config-wildfly-domain-cert-master.sh
...
In this configuration - and depending on your Front-End Server - you may have to separately configure your Front-End Server(s) to trust the Back-End servers' certificates.
Register keystore file to WildFly
In the second phase, when you have produced the key store file, you can configure the HTTPS sockets on WildFly by using the following script on the master node. The script expects to find a keystore.pfx file in the path "${WILDFLY_HOME}\domain\configuration\keystore.pfx". The script will configure key store access using the password that was defined in linux.config before setup.cmd was run
...
language | text |
---|
...
Keystore is registered to WildFly in the next step.
Securing other Back-End connections
...