5 Replies Latest reply: Mar 28, 2012 5:03 AM by karin k

    enabling ssl for the communication between master and slave host controller

    karin k Newbie

      Hi everybody

       

      This question is related to JBoss 7.1.1.

       

      I would like to enable SSL between the master and slave host controllers.

       

      this is my config

      host.xml of the master

      <security-realm name="ManagementRealmNative">
          <server-identities>
              <ssl>
                  <keystore path="master-jboss.jks" relative-to="jboss.domain.config.dir" password="12345"/>
              </ssl>
          </server-identities>
          <authentication>
              <truststore path="trusted.jks" relative-to="jboss.domain.config.dir" password="12345"/>
              <properties path="mgmt-users-native.properties" relative-to="jboss.domain.config.dir"/>
          </authentication>
      </security-realm>
      ...
      <management-interfaces>
          <native-interface security-realm="ManagementRealmNative">
              <socket interface="management" port="9999"/>
          </native-interface>
      ...
      <domain-controller>
          <local/>
      </domain-controller>

       

      host.xml of the slave

      <security-realm name="ManagementRealmNative">
          <server-identities>
              <ssl>
                  <keystore path="jboss-slave.jks" relative-to="jboss.domain.config.dir" password="12345"/>
              </ssl>
          </server-identities>
          <authentication>
              <truststore path="trusted_devmod.jks" relative-to="jboss.domain.config.dir" password="12345"/>
          </authentication>
      </security-realm>
      ....
      <management-interfaces>
          <native-interface security-realm="ManagementRealmNative">
              <socket interface="management" port="19999"/>
          </native-interface>
      ..
      <domain-controller>
          <remote host="myip" port="${jboss.domain.master.port:9999}" security-realm="ManagementRealmNative"/>
      </domain-controller>

       

      Actually it seems to work (with SSL). I have not debugged it, but when using a slave host controller without SSL enabled I got an error on the master host controller claiming: Remote connection failed: javax.net.ssl.SSLHandshakeException: no cipher suites in common

       

      Can you please just verify whether my configuration makes sense from your point of view?

       

      In the next step I tried to access the master host controller using jboss-cli.bat locally on the same machine.

      This failed with the following error message on the master host controller side:

      [org.jboss.remoting.remote.connection] (Remoting "master:MANAGEMENT" read-1) JBREM000200: Remote connection failed: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown

       

      Reading this wiki text

      https://community.jboss.org/wiki/AS710Beta1-SecurityEnabledByDefault

      I thought that local clients would be handled differently from a security point of view (using a one-time token generated by the server).

      Is this at the moment a bug, did I misinterpret the wiki, or is my config not correct?

       

      Thanks for your help

      Karin
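
A structural check of the configuration posted above, as an added example that is not part of the original post and not JBoss code: it lists each security realm, whether it carries an `<ssl>` keystore identity and a `<truststore>`, which referencing elements point at a realm that is missing or has no `<ssl>` identity, and which passwords are literals rather than `${...}` expressions. The function name `audit_host_xml` and the `<host>` wrapper around the posted master fragments are assumptions made so the sample parses.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the master fragments from the post, wrapped in a root
# element (an assumption) so they parse; the "..." elisions are dropped.
MASTER = """<host><management><security-realms>
<security-realm name="ManagementRealmNative">
  <server-identities><ssl>
    <keystore path="master-jboss.jks" relative-to="jboss.domain.config.dir" password="12345"/>
  </ssl></server-identities>
  <authentication>
    <truststore path="trusted.jks" relative-to="jboss.domain.config.dir" password="12345"/>
    <properties path="mgmt-users-native.properties" relative-to="jboss.domain.config.dir"/>
  </authentication>
</security-realm></security-realms>
<management-interfaces>
  <native-interface security-realm="ManagementRealmNative">
    <socket interface="management" port="9999"/>
  </native-interface>
</management-interfaces></management>
<domain-controller><local/></domain-controller></host>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop any '{namespace}' prefix

def audit_host_xml(xml_text):
    """Return ({realm: facts}, findings) for one host.xml document."""
    root = ET.fromstring(xml_text)
    realms, findings = {}, []
    for realm in (e for e in root.iter() if local(e.tag) == "security-realm"):
        tags = {local(c.tag) for c in realm.iter()}
        realms[realm.get("name")] = {
            "ssl_identity": {"ssl", "keystore"} <= tags,
            "truststore": "truststore" in tags,
        }
        for c in realm.iter():
            pw = c.get("password")
            # Literal value rather than a ${...} property expression.
            if pw is not None and not re.fullmatch(r"\$\{.+\}", pw):
                findings.append(f"{realm.get('name')}: literal password on <{local(c.tag)}>")
    for el in root.iter():
        ref = el.get("security-realm")
        if ref is not None and ref not in realms:
            findings.append(f"<{local(el.tag)}> references unknown realm {ref}")
        elif ref is not None and not realms[ref]["ssl_identity"]:
            findings.append(f"<{local(el.tag)}> uses realm {ref} without an <ssl> identity")
    return realms, findings
```

Running it over both the master and the slave file shows at a glance whether the realm behind each `native-interface` and `remote` element has the same SSL pieces on both sides.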