I have two different domains
- example1.com
- example2.com
Each domain has its own SSL certificate.
What I am trying to do now is use both domains for the same WildFly instance, supporting SSL.
The WildFly documentation states that I can only reference a single certificate in a keystore. Thus, I can't just define a single <security-realm> with one keystore containing both certificates.
Thus, I defined two different <security-realm> elements, one for each domain.

    <security-realm name="RealmExample1">
        <server-identities>
            <ssl>
                <keystore path="example1.jks" keystore-password="secret" />
            </ssl>
        </server-identities>
        ...
    </security-realm>
    <security-realm name="RealmExample2">
        <server-identities>
            <ssl>
                <keystore path="example2.jks" keystore-password="secret2" />
            </ssl>
        </server-identities>
        ...
    </security-realm>

However, I cannot add two security domains to a single host.

    <server name="default-server">
        <http-listener name="default" socket-binding="http" redirect-socket="https-ext"/>
        <https-listener name="default-ssl" security-realm="UndertowRealm" socket-binding="https"/>
        <host name="default-host" alias="localhost">
            <filter-ref name="central-basic-auth"/>
        </host>
    </server>

Now, if I define a server for each domain, I cannot reference the same http/https listener binding, since the ports are blocked.
The only solution I found so far is having two public IP addresses and defining two interfaces and an http/https socket binding for each interface. Then I am able to define two servers with a different alias and different socket bindings.
As of now, WildFly unfortunately does not support SNI.
Is there any other possible solution?
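
The two-IP workaround described in the question could look like the fragment below. This is an added example, not part of the original post: the interface, socket-binding, server and host names are hypothetical, the addresses are documentation addresses, and the ports are assumed to be WildFly's defaults.

```xml
<!-- Added example: all names and addresses below are hypothetical.
     192.0.2.10 / 192.0.2.11 are documentation addresses (RFC 5737). -->

<!-- Inside <interfaces>: one interface per public IP address -->
<interface name="if-example1">
    <inet-address value="192.0.2.10"/>
</interface>
<interface name="if-example2">
    <inet-address value="192.0.2.11"/>
</interface>

<!-- Inside <socket-binding-group>: the same ports, bound to different interfaces,
     so the two servers no longer compete for one address:port pair -->
<socket-binding name="http-example1"  interface="if-example1" port="8080"/>
<socket-binding name="https-example1" interface="if-example1" port="8443"/>
<socket-binding name="http-example2"  interface="if-example2" port="8080"/>
<socket-binding name="https-example2" interface="if-example2" port="8443"/>

<!-- Inside the undertow subsystem: one server per domain,
     each https-listener pointing at the realm that holds that domain's keystore -->
<server name="server-example1" default-host="host-example1">
    <http-listener name="http-example1" socket-binding="http-example1"
                   redirect-socket="https-example1"/>
    <https-listener name="https-example1" security-realm="RealmExample1"
                    socket-binding="https-example1"/>
    <host name="host-example1" alias="example1.com">
        <filter-ref name="central-basic-auth"/>
    </host>
</server>
<server name="server-example2" default-host="host-example2">
    <http-listener name="http-example2" socket-binding="http-example2"
                   redirect-socket="https-example2"/>
    <https-listener name="https-example2" security-realm="RealmExample2"
                    socket-binding="https-example2"/>
    <host name="host-example2" alias="example2.com">
        <filter-ref name="central-basic-auth"/>
    </host>
</server>
```

Because each HTTPS listener is bound to its own address, the certificate is determined by the destination IP of the connection, which is why this layout works without SNI.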