To access the Wildfly servers directly over a secure connection, a valid certificate must be installed in the Wildfly keystore. This procedure explains how to copy the certificates from Apache into Wildfly (it is trivial to adapt if you need to use some other certificate and private key).
Log into each of the Virtual Appliances as user config and follow these steps:
Back up current Wildfly keystore
cp /opt/CA/VirtualAppliance/custom/wildfly-ssl-certificates/caim-srv ./caim-srv.old
Back up current Wildfly certificate
cp /opt/CA/VirtualAppliance/custom/wildfly-ssl-certificates/caim-srv.cer ./caim-srv.cer.old
Find keystore and current key password. I'll call it <password>
cat /opt/CA/wildfly-idm/standalone/configuration/ca-standalone-full-ha.xml|grep keystore
Get alias of current key. I'll call it <alias>
keytool -list -v -keystore /opt/CA/VirtualAppliance/custom/wildfly-ssl-certificates/caim-srv|grep "Alias name: "
Enter <password>
Delete current key
keytool -delete -alias <alias> -keystore /opt/CA/VirtualAppliance/custom/wildfly-ssl-certificates/caim-srv
Enter <password>
In the following steps, <hostname> is the new alias for the certificate. The hostname of the service to be exposed should do fine.
Create PKCS12 file with the certificate and the private key
openssl pkcs12 -export -in /opt/CA/VirtualAppliance/custom/apache-ssl-certificates/localhost.crt -inkey /opt/CA/VirtualAppliance/custom/apache-ssl-certificates/localhost.key -name <hostname> -out localhost.p12
Set <password>
Re-enter <password>
Import contents from PKCS12
keytool -importkeystore -destkeystore /opt/CA/VirtualAppliance/custom/wildfly-ssl-certificates/caim-srv -srckeystore localhost.p12 -srcstoretype PKCS12
Enter <password> (for keystore)
Enter <password> (for PKCS12)
Copy current Apache certificate into Wildfly
cp /opt/CA/VirtualAppliance/custom/apache-ssl-certificates/localhost.crt /opt/CA/VirtualAppliance/custom/wildfly-ssl-certificates/caim-srv.cer
Restart IM
restart_im
Base information obtained from: https://comm.support.ca.com/kb/ca-identity-suite-virtual-appliance-replacing-self-signed-certs/kb000093224
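An added example, not part of the original procedure or of the CA knowledge base article: a check to run after creating localhost.p12 and before importing it, confirming that the private key belongs to the certificate and that the PKCS12 file holds that same certificate. It assumes an unencrypted PEM private key and reads the PKCS12 password from an environment variable named P12_PASS; that variable, the function names and the script name check.sh are chosen here for illustration.

```shell
#!/bin/sh
# Added example: openssl-only checks around the PKCS12 step.
# Assumptions: unencrypted PEM private key; PKCS12 password in $P12_PASS.

# Print the SHA-256 of the public key held in a PEM file.
# $1 = "cert" or "key", $2 = path
pubkey_fp() {
  case "$1" in
    cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
    key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
    *)    return 2 ;;
  esac
  # Guard: empty input would hash to the same digest on both sides.
  [ -n "$pub" ] || return 1
  printf '%s\n' "$pub" | openssl pkey -pubin -outform DER |
    openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if the private key ($2) belongs to the certificate ($1).
cert_matches_key() {
  c=$(pubkey_fp cert "$1") || return 1
  k=$(pubkey_fp key "$2") || return 1
  [ "$c" = "$k" ]
}

# Print the SHA-256 fingerprint of the PEM certificate on stdin.
cert_fp() {
  openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Succeed only if the PKCS12 file ($1) holds the certificate ($2).
p12_holds_cert() {
  want=$(cert_fp < "$2")
  got=$(openssl pkcs12 -in "$1" -clcerts -nokeys -passin env:P12_PASS \
        2>/dev/null | cert_fp)
  [ -n "$want" ] && [ "$want" = "$got" ]
}

# Usage: P12_PASS=... sh check.sh localhost.crt localhost.key localhost.p12
if [ "$#" -eq 3 ]; then
  cert_matches_key "$1" "$2" || { echo "key does not match cert" >&2; exit 1; }
  p12_holds_cert "$3" "$1" || { echo "PKCS12 holds another cert" >&2; exit 1; }
  echo "OK, certificate SHA-256 fingerprint: $(cert_fp < "$1")"
fi
```

Once the import is done, the fingerprint printed on success can be compared by eye with the SHA256 value that keytool -list -v shows for the <hostname> alias.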