WildFly Core's FileKeystore.load method is clearly able to use a keystore for which a key alias isn't defined (though not sure what would happen if there are multiple keys). However, Swarm's CertInfo.isValid rejects that situation.
This means that configuration like this
isn't enough to enable HTTPS, the key alias needs to be specified as well. Which isn't always necessary. IMHO, Swarm is being overly cautious here.