Remoting over SSL on AS 7.1.3
renz13 Oct 16, 2012 12:14 PM
Hello,
I'm trying to call an SLSB using remoting with SSL, and I have an exception thrown in the log (in red), but the remote call (sayHello) seems to complete correctly (in green).
Here is my log (with -Djavax.net.debug=ssl in blue):
16 oct. 2012 18:05:24 org.xnio.Xnio <clinit>
INFO: XNIO Version 3.0.6.GA
16 oct. 2012 18:05:24 org.xnio.nio.NioXnio <clinit>
INFO: XNIO NIO Implementation Version 3.0.6.GA
16 oct. 2012 18:05:24 org.jboss.remoting3.EndpointImpl <clinit>
INFO: JBoss Remoting version 3.2.8.SP1
16 oct. 2012 18:05:24 org.jboss.remoting3.remote.RemoteConnection handleException
ERROR: JBREM000200: Remote connection failed: java.io.IOException: Client starting STARTTLS but channel doesn't support SSL
16 oct. 2012 18:05:24 org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector setupEJBReceivers
WARN: Could not register a EJB receiver for connection to 127.0.0.1:4447
java.lang.RuntimeException: java.io.IOException: Client starting STARTTLS but channel doesn't support SSL
at org.jboss.ejb.client.remoting.IoFutureHelper.get(IoFutureHelper.java:91)
at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.setupEJBReceivers(ConfigBasedEJBClientContextSelector.java:119)
at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.<init>(ConfigBasedEJBClientContextSelector.java:76)
at org.jboss.ejb.client.EJBClientContext.<clinit>(EJBClientContext.java:77)
at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.<init>(ConfigBasedEJBClientContextSelector.java:68)
at com.areasante.helloworld.client.TestSansProperties_HardCoded_SSL.remplaceProperties(TestSansProperties_HardCoded_SSL.java:83)
at com.areasante.helloworld.client.TestSansProperties_HardCoded_SSL.main(TestSansProperties_HardCoded_SSL.java:41)
Caused by: java.io.IOException: Client starting STARTTLS but channel doesn't support SSL
at org.jboss.remoting3.remote.ClientConnectionOpenListener$StartTls.handleEvent(ClientConnectionOpenListener.java:501)
at org.jboss.remoting3.remote.ClientConnectionOpenListener$StartTls.handleEvent(ClientConnectionOpenListener.java:440)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)
at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189)
at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)
at org.xnio.nio.NioHandle.run(NioHandle.java:90)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:187)
at ...asynchronous invocation...(Unknown Source)
at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:270)
at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:386)
at org.jboss.ejb.client.remoting.NetworkUtil.connect(NetworkUtil.java:151)
at org.jboss.ejb.client.remoting.NetworkUtil.connect(NetworkUtil.java:132)
at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.setupEJBReceivers(ConfigBasedEJBClientContextSelector.java:117)
... 5 more
keyStore is : resources/jbossClient.keystore
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
***
found key for : clientalias
chain [0] = [
[
Version: V3
Subject: CN=localhost, OU=CLIENT, O=AS CDG, L=GEMENOS, ST=BDR, C=FR
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 128038211344699500976741729824154447620256405266811708513639786099468380339246530850683082209465586238714436139226775425199137851291126409903734486517617478416640000716063613243468179422306411671349877462549907180284053701012568948316807810932677830477271247357253713707531173080841044302803580665414904518119
public exponent: 65537
Validity: [From: Tue Sep 25 16:08:09 CEST 2012,
To: Fri Sep 23 16:08:09 CEST 2022]
Issuer: CN=localhost, OU=CLIENT, O=AS CDG, L=GEMENOS, ST=BDR, C=FR
SerialNumber: [ 5061bac9]
]
Algorithm: [SHA1withRSA]
Signature:
]
***
trustStore is: resources\jbossClient.keystore
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=localhost, OU=TEST, O=AS CDG, L=GEMENOS, ST=BDR, C=FR
Issuer: CN=localhost, OU=TEST, O=AS CDG, L=GEMENOS, ST=BDR, C=FR
Algorithm: RSA; Serial number: 0x5061ba8f
Valid from Tue Sep 25 16:07:11 CEST 2012 until Fri Sep 23 16:07:11 CEST 2022
adding as trusted cert:
Subject: CN=localhost, OU=CLIENT, O=AS CDG, L=GEMENOS, ST=BDR, C=FR
Issuer: CN=localhost, OU=CLIENT, O=AS CDG, L=GEMENOS, ST=BDR, C=FR
Algorithm: RSA; Serial number: 0x5061bac9
Valid from Tue Sep 25 16:08:09 CEST 2012 until Fri Sep 23 16:08:09 CEST 2022
trigger seeding of SecureRandom
done seeding SecureRandom
Using SSLEngineImpl.
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1350337732 bytes = { 230, 110, 201, 210, 209, 236, 86, 26, 42, 8, 254, 58, 217, 127, 122, 126, 44, 16, 147, 222, 183, 114, 206, 196, 83, 3, 31, 241 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
***
Remoting "client-endpoint" read-1, WRITE: TLSv1 Handshake, length = 75
Remoting "client-endpoint" read-1, WRITE: SSLv2 client hello message, length = 101
Remoting "client-endpoint" read-1, READ: TLSv1 Handshake, length = 668
*** ServerHello, TLSv1
RandomCookie: GMT: 1350337732 bytes = { 18, 118, 227, 51, 107, 31, 167, 218, 1, 238, 48, 185, 108, 43, 187, 137, 106, 104, 90, 215, 89, 105, 165, 226, 135, 55, 175, 81 }
Session ID: {80, 125, 133, 196, 80, 185, 7, 27, 71, 182, 172, 15, 163, 9, 156, 188, 207, 74, 231, 90, 8, 116, 88, 42, 140, 194, 137, 237, 206, 38, 198, 182}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=localhost, OU=TEST, O=AS CDG, L=GEMENOS, ST=BDR, C=FR
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 101028752172251961940192240051749202004191747004321614332606078813531926336145572350082220551431187494669494141003006410640812308095259244238128267330371599077621855381834702517193087322864917471691135389505576643291381618903065408986625656831478917633582898977714214043203922239179795871475084980942771015429
public exponent: 65537
Validity: [From: Tue Sep 25 16:07:11 CEST 2012,
To: Fri Sep 23 16:07:11 CEST 2022]
Issuer: CN=localhost, OU=TEST, O=AS CDG, L=GEMENOS, ST=BDR, C=FR
SerialNumber: [ 5061ba8f]
]
Algorithm: [SHA1withRSA]
Signature:
]
***
Found trusted certificate:
[
[
Version: V3
Subject: CN=localhost, OU=TEST, O=AS CDG, L=GEMENOS, ST=BDR, C=FR
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 101028752172251961940192240051749202004191747004321614332606078813531926336145572350082220551431187494669494141003006410640812308095259244238128267330371599077621855381834702517193087322864917471691135389505576643291381618903065408986625656831478917633582898977714214043203922239179795871475084980942771015429
public exponent: 65537
Validity: [From: Tue Sep 25 16:07:11 CEST 2012,
To: Fri Sep 23 16:07:11 CEST 2022]
Issuer: CN=localhost, OU=TEST, O=AS CDG, L=GEMENOS, ST=BDR, C=FR
SerialNumber: [ 5061ba8f]
]
Algorithm: [SHA1withRSA]
Signature:
]
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Remoting "client-endpoint" read-1, WRITE: TLSv1 Handshake, length = 134
SESSION KEYGEN:
... no IV used for this cipher
Remoting "client-endpoint" read-1, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 160, 175, 14, 110, 244, 85, 161, 158, 235, 244, 107, 89 }
***
Remoting "client-endpoint" read-1, WRITE: TLSv1 Handshake, length = 32
Remoting "client-endpoint" read-1, READ: TLSv1 Change Cipher Spec, length = 1
Remoting "client-endpoint" read-1, READ: TLSv1 Handshake, length = 32
*** Finished
verify_data: { 1, 220, 238, 125, 190, 65, 114, 251, 110, 54, 243, 75 }
***
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
Remoting "client-endpoint" write-1, WRITE: TLSv1 Application Data, length = 25
Remoting "client-endpoint" task-1, WRITE: TLSv1 Application Data, length = 26
main, WRITE: TLSv1 Application Data, length = 41
Remoting "client-endpoint" task-4, WRITE: TLSv1 Application Data, length = 15
16 oct. 2012 18:05:24 org.jboss.ejb.client.remoting.VersionReceiver handleMessage
INFO: EJBCLIENT000017: Received server version 1 and marshalling strategies [river]
Remoting "client-endpoint" task-4, WRITE: TLSv1 Application Data, length = 20
Remoting "client-endpoint" task-4, WRITE: TLSv1 Application Data, length = 12
16 oct. 2012 18:05:24 org.jboss.ejb.client.remoting.RemotingConnectionEJBReceiver associate
INFO: EJBCLIENT000013: Successful version handshake completed for receiver context EJBReceiverContext{clientContext=org.jboss.ejb.client.EJBClientContext@12c7568, receiver=Remoting connection EJB receiver [connection=Remoting connection <13ad085>,channel=jboss.ejb,nodename=renz-precision]} on channel Channel ID b04700ad (outbound) of Remoting connection 0076e369 to localhost/127.0.0.1:4447
Remoting "client-endpoint" task-1, WRITE: TLSv1 Application Data, length = 15
16 oct. 2012 18:05:24 org.jboss.ejb.client.EJBClient <clinit>
INFO: JBoss EJB Client version 1.0.11.Final
main, WRITE: TLSv1 Application Data, length = 136
main, WRITE: TLSv1 Application Data, length = 15
[sayHello()] Helloworld!!!
Thread-1, WRITE: TLSv1 Application Data, length = 5
Thread-1, called closeOutbound()
Thread-1, closeOutboundInternal()
Thread-1, SEND TLSv1 ALERT: warning, description = close_notify
Thread-1, WRITE: TLSv1 Alert, length = 18
Thread-1, READ: TLSv1 Alert, length = 18
Thread-1, RECV TLSv1 ALERT: warning, close_notify
Thread-1, closeInboundInternal()
Thread-1, closeOutboundInternal()
Now my client code:

    import java.io.FileNotFoundException;
    import java.io.IOException;
    import java.util.Properties;

    import javax.naming.Context;
    import javax.naming.InitialContext;
    import javax.naming.NamingException;

    import org.jboss.ejb.client.ContextSelector;
    import org.jboss.ejb.client.EJBClientConfiguration;
    import org.jboss.ejb.client.EJBClientContext;
    import org.jboss.ejb.client.PropertiesBasedEJBClientConfiguration;
    import org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector;

    // Class name taken from the stack trace above. HelloworldRemote (the bean's
    // remote interface) must be imported or live in the same package.
    public class TestSansProperties_HardCoded_SSL {

        public static void main(String[] args) {
            HelloworldRemote remote = null;
            try {
                // Trust store used to validate the server certificate during the TLS handshake
                System.setProperty("javax.net.ssl.trustStore", "resources/jbossClient.keystore");
                System.setProperty("javax.net.ssl.trustStorePassword", "clientPassword");
                setProperties();
                remote = lookupRemoteStatelessBean();
                System.err.println("[sayHello()] " + remote.sayHello());
            } catch (Exception e) {
                e.printStackTrace();
            }
        }

        // Builds the EJB client configuration in code and installs it as the context selector
        private static void setProperties() throws FileNotFoundException, IOException {
            final Properties clientConfigProps = new Properties();
            clientConfigProps.put("endpoint.name", "client-endpoint");
            clientConfigProps.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "true");
            clientConfigProps.put("remote.connections", "default");
            clientConfigProps.put("remote.connection.default.host", "localhost");
            clientConfigProps.put("remote.connection.default.port", "4447");
            clientConfigProps.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS", "false");
            clientConfigProps.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");
            clientConfigProps.put("remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS", "JBOSS-LOCAL-USER");
            clientConfigProps.put("remote.connection.default.connect.options.org.xnio.Options.SSL_STARTTLS", "true");
            clientConfigProps.put("remote.connection.default.username", "992600056");
            clientConfigProps.put("remote.connection.default.password", "pass");

            final EJBClientConfiguration ejbClientConfiguration =
                    new PropertiesBasedEJBClientConfiguration(clientConfigProps);
            final ContextSelector<EJBClientContext> ejbClientContextSelector =
                    new ConfigBasedEJBClientContextSelector(ejbClientConfiguration);
            // Install the selector so EJB invocations use this configuration
            EJBClientContext.setSelector(ejbClientContextSelector);
        }

        private static HelloworldRemote lookupRemoteStatelessBean() throws NamingException {
            final Properties jndiProperties = new Properties();
            jndiProperties.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
            final Context context = new InitialContext(jndiProperties);
            final String appName = "Helloworld";
            final String moduleName = "HelloworldEJB";
            final String distinctName = "";
            final String beanName = "HelloworldBean";
            final String viewClassName = HelloworldRemote.class.getName();
            // JNDI name format: ejb:<app>/<module>/<distinct>/<bean>!<view interface>
            return (HelloworldRemote) context.lookup("ejb:" + appName + "/" + moduleName + "/"
                    + distinctName + "/" + beanName + "!" + viewClassName);
        }
    }