[keycloak-dev] Enabling SSL over keycloak/wildfly server

Giriraj Sharma giriraj.sharma27 at gmail.com
Tue Jun 9 16:33:07 EDT 2015 

When Let’s Encrypt <https://letsencrypt.org/howitworks/> based on ACME
(Automated Certificate Management Environment) spec launches in mid-2015,
enabling HTTPS for any site will be as easy as installing a small piece of
certificate management software on the server:

$ sudo apt-get install lets-encrypt

$ lets-encrypt example.com

That’s all there is to it! https://example.com is immediately live.
Automatic renew and on demand revocation are equally easier.

A sample let's encrypt SSL client demo is  here
<https://www.youtube.com/watch?v=Gas_sSB-5SU>. For documentation, check here
<https://letsencrypt.readthedocs.org/en/latest/intro.html#about-the-let-s-encrypt-client>
.

Let's encrypt is free, open and automated with out of box support for
apache/nginx and standalone support for other web servers. It automatically
configures an app deployed on apache or nginx with a single command with
absolute no human intervention. Its stand alone mode (for other web
servers) generates SSL cert for the app(domain) which can be manually
configured/installed or a better method will be installation via an
automated script(like for keycloak server).  Currently, Let’s Encrypt
provides a developer preview only intended for testers and developers. It,
at present installs certs signed by the TEST CA, which might generate
exception warnings in client browsers. But, they have announced to come out
with final solution by Mid 2015.

As Keycloak will be requiring SSL, let's encrypt standalone support with a
script for automatic installation of cert on keycloak/wildfly server might
come out as one easier rescue.

Cheers,
-- 

Giriraj Sharma
about.me/girirajsharma
<http://about.me/girirajsharma?promo=email_sig>
 Giriraj Sharma,
Department of Computer Science
National Institute of Technology Hamirpur
Himachal Pradesh, India 177005
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20150610/14dd958d/attachment-0001.html

More information about the keycloak-dev mailing list