Saturday, August 10, 2019

Secure management interfaces in EAP using one way SSL

1) Create a keystore to secure the management interfaces.

example:
$ keytool -genkeypair -alias appserver -storetype jks -keyalg RSA -keysize 2048 -keypass password1 -keystore EAP_HOME/standalone/configuration/identity.jks -storepass password1 -dname "CN=appserver,OU=Sales,O=Systems Inc,L=Raleigh,ST=NC,C=US" -validity 730 -v

[jbossuser@redhat keystore]$ keytool -genkeypair -alias appserver -storetype jks -keyalg RSA -keysize 2048 -keypass password1 -keystore $JBOSS_HOME/standalone/configuration/identity.jks -storepass password1 -dname "CN=appserver,OU=Sales,O=Systems Inc,L=Raleigh,ST=NC,C=US" -validity 730 -v
Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 730 days
        for: CN=appserver, OU=Sales, O=Systems Inc, L=Raleigh, ST=NC, C=US
[Storing /home/jbossuser/Redhat_EAP-7.1.0/standalone/configuration/identity.jks]

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /home/jbossuser/Redhat_EAP-7.1.0/standalone/configuration/identity.jks -destkeystore /home/jbossuser/Redhat_EAP-7.1.0/standalone/configuration/identity.jks -deststoretype pkcs12".

NOTE: This keystore must be in JKS format as the management interfaces are not compatible with keystores in JCEKS format.

2) Bind the management interface to HTTPS.

example:
/core-service=management/management-interface=http-interface:write-attribute(name=secure-socket-binding, value=management-https)
/core-service=management/management-interface=http-interface:undefine-attribute(name=socket-binding)
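
A check for the result of step 2, added here as an example and not part of the original post: it reads the http-interface element of a standalone.xml and reports whether plain HTTP is still bound, which is the state left behind if only the first of the two CLI commands was run. The function names and the sample XML are constructed for illustration, and the script assumes the EAP 7 layout in which http-interface contains one socket-binding child element.

```shell
#!/bin/sh
# Added example (not from the original post): check that step 2 left the
# management interface HTTPS-only. Assumes the EAP 7 standalone.xml layout,
# where <http-interface> contains one <socket-binding .../> child element.

# Print the <socket-binding> line found inside <http-interface>...</http-interface>.
mgmt_binding_line() {
    sed -n '/<http-interface/,/<\/http-interface>/p' "$1" | grep '<socket-binding' || true
}

# Exit status: 0 = HTTPS only, 1 = plain HTTP still bound, 2 = no HTTPS binding.
audit_mgmt_interface() {
    line=$(mgmt_binding_line "$1")
    case "$line" in
        *' http="'*)  echo "FAIL: plain HTTP still bound:$line"; return 1 ;;
        *' https="'*) echo "OK: HTTPS only:$line"; return 0 ;;
        *)            echo "FAIL: no HTTPS binding on http-interface"; return 2 ;;
    esac
}

# Write a constructed <management-interfaces> fragment with the given
# socket-binding attributes to a file (sample data, not a real server config).
write_sample() {
    cat > "$1" <<EOF
<management-interfaces>
    <http-interface security-realm="ManagementRealm">
        <http-upgrade enabled="true"/>
        <socket-binding $2/>
    </http-interface>
</management-interfaces>
EOF
}

# Demo on three constructed configurations: untouched default, only the
# write-attribute command applied, and both commands applied.
demo_dir=$(mktemp -d)
write_sample "$demo_dir/default.xml" 'http="management-http"'
write_sample "$demo_dir/half.xml" 'http="management-http" https="management-https"'
write_sample "$demo_dir/done.xml" 'https="management-https"'
for f in default half done; do
    audit_mgmt_interface "$demo_dir/$f.xml" || echo "  -> exit status $?"
done
rm -rf "$demo_dir"
```

Against a real installation, pass $JBOSS_HOME/standalone/configuration/standalone.xml to audit_mgmt_interface after running the two CLI commands.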

