8 Replies Latest reply on Sep 27, 2012 2:08 PM by wlam

    How to access to Console over HTTPS in AS 7.1 ?

    sewatech

      Hi,

       

      I wanted to enable SSL access to the HTTP console in JBoss AS 7.1.0.CR1b.

       

      I setup the SSL in security-realm. And then ? The secure-port attribute does not exist anymore in the http-interface element.

       

          <management>
              <security-realms>
                  <security-realm name="ManagementRealm">
                      <authentication>
                          <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
                      </authentication>
                      <server-identities>
                           <ssl protocol="TLS">
                               <keystore path="jboss.ks" relative-to="jboss.server.config.dir" password="jbosskey" />
                           </ssl>
                      </server-identities>
                  </security-realm>            
              </security-realms>
              <management-interfaces>
                  <native-interface>
                      <socket-binding native="management-native"/>
                  </native-interface>
                  <http-interface security-realm="ManagementRealm">
                      <socket-binding http="management-http"/>
                  </http-interface>
              </management-interfaces>
          </management>
      

       

      With my config, I have no https access. So what should I add to my configuration to open a https access ?

        • 1. Re: How to access to Console over HTTPS in AS 7.1 ?
          dlofthouse

          On the socket-binding element that you currently have you can add a second attribute 'https' to reference a socket binding to use for https traffic.

          1 of 1 people found this helpful
          • 2. Re: How to access to Console over HTTPS in AS 7.1 ?
            sewatech

            Thanks, that help me. But something else should be wrong in my configuration. Now I've a SSL error.

             

            FF says "The connection was interrupted".

            Chrome says "Erreur 107 (net::ERR_SSL_PROTOCOL_ERROR)"

            And curl: (35) Unknown SSL protocol error in connection to localhost:9991

             

            My configuration is now :

             

                <management>
                    <security-realms>
                        <security-realm name="ManagementRealm">
                            <authentication>
                                <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
                            </authentication>
                            <server-identities>
                                 <ssl protocol="TLS">
                                     <keystore path="jboss.ks" relative-to="jboss.server.config.dir" password="jbosskey" />
                                 </ssl>
                            </server-identities>
                        </security-realm>            
                    </security-realms>
                    <management-interfaces>
                        <native-interface>
                            <socket-binding native="management-native"/>
                        </native-interface>
                        <http-interface security-realm="ManagementRealm">
                            <socket-binding http="management-http" https="management-https"/>
                        </http-interface>
                    </management-interfaces>
                </management>
                [....]
                <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
                    [....]
                    <socket-binding name="management-https" interface="management" port="9991"/>
                </socket-binding-group>
            
            • 3. Re: How to access to Console over HTTPS in AS 7.1 ?
              dlofthouse

              Alexis, I am just performing some testing myself in this area - unfortunately it appears that the configuration for SSL is currently broken.

               

              I am currently fixing this under the following issue and should have a pull request sent in this morning: -

               

              https://issues.jboss.org/browse/AS7-3567

              • 4. Re: How to access to Console over HTTPS in AS 7.1 ?
                sewatech

                Looks great Darran, the pull request is merged (https://github.com/jbossas/jboss-as/pull/1338).

                I'll try again with a SNAPSHOT version.

                • 5. Re: How to access to Console over HTTPS in AS 7.1 ?
                  sewatech

                  I've just tested with the nightly build and it's working.

                   

                  In fact, it's working on Firefox, but not on Chrome. With Chrome 16, on MacOS Lion, it's stuck on "Loading" ; probably a Chrome issue (https://www.google.com/support/forum/p/Chrome/thread?tid=0303b3fad6c36446&hl=en).

                  • 6. Re: How to access to Console over HTTPS in AS 7.1 ?
                    wlam

                    I assume the previous discussions are for JBoss 7 standalone mode.  I'm running my Jboss 7.1.1.Final in a domain mode.  Can I also secure the Console in similar ways or others?

                     

                    I've tried to configure Jboss as below config, but I can never get https working on the Console.  If you're looking at "host-controller.log", the Console still starts on "http" instead. There are on errors being thrown out when I run "domain.sh". Thank you.

                     

                    Host.xml

                    =======

                            <management-interfaces>

                                <native-interface security-realm="ManagementRealm">

                                    <socket interface="management" port="${jboss.management.native.port:9999}"/>

                                </native-interface>

                                <http-interface security-realm="ManagementRealm">

                                   <socket interface="management" port="${jboss.management.https.port:9990}"/>

                                </http-interface>

                            </management-interfaces>

                     

                     

                    Domain.xml

                    =========

                            <socket-binding-group name="full-sockets" default-interface="public">

                                <socket-binding name="ajp" port="8009"/>

                                <socket-binding name="http" port="9090"/>

                                <socket-binding name="https" port="9443"/>

                              <socket-binding name="management-https" interface="management" port="9990"/>

                    …………

                            </socket-binding-group>

                     

                    domain/log/host-controller.log

                    ======================

                    09:53:31,691 INFO [org.jboss.as.host.controller] (Controller Boot Thread) JBAS010922: Starting server server-one

                    09:53:31,710 INFO [org.jboss.as.remoting] (MSC service thread 1-2) JBAS017100: Listening on /0.0.0.0:9999

                    09:53:31,799 INFO [org.jboss.as.host.controller] (Controller Boot Thread) JBAS010922: Starting server server-two

                    09:53:31,826 INFO [org.jboss.as] (Controller Boot Thread) JBAS015951: Admin console listening on http://0.0.0.0:9990

                    09:53:31,827 INFO [org.jboss.as] (Controller Boot Thread) JBAS015874: JBoss AS 7.1.1.Final "Brontes" (Host Controller) started in 3843ms - Started 11 of 11 services (0 services are passive or on-demand)

                    • 7. Re: How to access to Console over HTTPS in AS 7.1 ?
                      wlam

                      Can we enable "ssl" on <http-interface> of <management-interfaces>? thx

                      • 8. Re: How to access to Console over HTTPS in AS 7.1 ?
                        wlam

                        See this answer for domain model- https://community.jboss.org/thread/205230