Enable SSL/TLS

Preconditions

Configuration

1. Add the tls/ssl certifcate, usally in the format of a .pfx file, to the keystore.jks or a keystore to your liking in the wildlfy\ssl\ folder

2. Set a password for the keystore and the tls certificate

3. Configure the tls module in standalone-tim.xml according to your keystore and password under httpsKeyStore

   <tls> <key-stores> <key-store name="jwt-key-store"> <credential-reference clear-text="changeit"/> <implementation type="JKS"/> <file path="jwt.keystore" relative-to="jboss.server.config.dir"/> </key-store> <key-store name="httpsKeyStore"> <credential-reference clear-text="changeit"/> <implementation type="JKS"/> <file path="../ssl/keystore.jks" relative-to="jboss.server.base.dir"/> </key-store> </key-stores> <key-managers> <key-manager name="httpsKeyManager" key-store="httpsKeyStore"> <credential-reference clear-text="changeit"/> </key-manager> </key-managers> <server-ssl-contexts> <server-ssl-context name="httpsSSLContext" protocols="TLSv1.2" key-manager="httpsKeyManager"/> </server-ssl-contexts> </tls>

4. Restart TIM Service and open your TIM url with https://yourname:port/tim/client/ You find the https port in the standalone-tim.xml in the module socket-binding-group

Best practice

• Set the same credentials for the jks and tls certificate for easy maintenance.

• Use a dedicated .jks store just for tls eg tls.jks for easy maintenance.