It seems that there's an effort to have this on Wildfly by default.
So, the only thing we would need is to redirect from HTTP to HTTPS by
Also, the certificate is still a self signed one, although each instance
would have its own certificate. So, no risk of providing the same
private key to all instances of a given release.
1 - http://lists.jboss.org/pipermail/wildfly-dev/2016-June/005040.html