- After creating the server (i.e. /opt/wlp/bin/server create), create the security directory:
cd /opt/wlp/usr/servers/defaultServer/
mkdir resources
mkdir resources/security
- Export your certificates into a pkcs12 keystore (replace fouad.io with the appropriate parameter):
sudo openssl pkcs12 -export -out key.p12 -in /etc/letsencrypt/live/fouad.io/fullchain.pem -name default -inkey /etc/letsencrypt/live/fouad.io/privkey.pem -password pass:123456
- Convert the pkcs12 keystore into a Java keystore (jks) and use the same password for both the Java keystore and the key (assuming it is pass@key999):
keytool -importkeystore -deststorepass pass@key999 -destkeypass pass@key999 -destkeystore key.jks -srckeystore key.p12 -srcstoretype PKCS12 -srcstorepass 123456 -alias default
- Delete key.p12:
rm /opt/wlp/usr/servers/defaultServer/resources/security/key.p12
- Encode the password with securityUtility:
/opt/wlp/bin/securityUtility encode pass@key999
This will result in something like {xor}Lz4sLB80OiZmZmY=.
- Update server.xml with the keystore information:
nano /opt/wlp/usr/servers/defaultServer/server.xml
Add the following inside the <server> tag:
<keyStore id="defaultKeyStore"
type="JKS" password="{xor}Lz4sLB80OiZmZmY="
pollingRate="5s"
updateTrigger="polled" />
- Restart/Start the server:
/opt/wlp/bin/server stop
/opt/wlp/bin/server start
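
The {xor} value produced in the encode step is an encoding, not encryption: it can be reversed without any key. The following added example (not part of the original steps) audits a server.xml for password attributes and shows which ones anyone who can read the file can recover. The sample XML is constructed from the keyStore element above, and the function names are illustrative.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Constructed sample: the keyStore element from the steps above in a minimal <server>.
SAMPLE_SERVER_XML = """<server>
  <keyStore id="defaultKeyStore"
            type="JKS" password="{xor}Lz4sLB80OiZmZmY="
            pollingRate="5s"
            updateTrigger="polled" />
</server>"""

XOR_KEY = 0x5F  # the {xor} scheme XORs each byte with '_' and base64-encodes the result


def decode_xor(value):
    """Reverse a {xor} value. No secret is required, so this is obfuscation only."""
    raw = base64.b64decode(value[len("{xor}"):])
    return bytes(b ^ XOR_KEY for b in raw).decode("utf-8")


def classify(value):
    """Return how a password attribute is stored: plaintext, xor, aes or hash."""
    m = re.match(r"\{(xor|aes|hash)\}", value)
    return m.group(1) if m else "plaintext"


def audit(server_xml):
    """Return (element, id, scheme, needs_no_key) for every password attribute found."""
    findings = []
    for elem in ET.fromstring(server_xml).iter():
        for attr, value in elem.attrib.items():
            if "password" in attr.lower():
                scheme = classify(value)
                # plaintext and {xor} values are readable from the file alone
                needs_no_key = scheme in ("plaintext", "xor")
                findings.append((elem.tag, elem.get("id"), scheme, needs_no_key))
    return findings


if __name__ == "__main__":
    for tag, ident, scheme, needs_no_key in audit(SAMPLE_SERVER_XML):
        print(f"{tag} id={ident}: scheme={scheme}, readable without a key: {needs_no_key}")
```

The keystore password is therefore only as well protected as the file permissions on server.xml and key.jks, so restrict read access to the account that runs the server. securityUtility encode also accepts --encoding=aes.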