5 Replies Latest reply on Dec 13, 2012 11:30 AM by mazz

    how to configure https connector for SSL via CLI

    mazz

      This thread shows what you need to do to configure the https connector via editing standalone.xml.

       

      However, I want to do it via DMR/ModelController API calls. I first tried to do it via the CLI GUI (jboss-cli.sh --gui), but I can't seem to get it to work. First off, the CLI GUI doesn't even show the "ssl" child when you use the right-mouse "add" menu (the popup dialogue box doesn't show you an "ssl" entry), but I assume it is valid so I just tried this from the CLI:

       

      /subsystem=web/connector=https/:add(socket-binding=https,scheme=https,protocol=HTTP/1.1,secure=true,enabled=true,enable-lookups=false,ssl={name=>'https' password=>'changeit' certificate-key-file=>'server.keystore')})

      {"outcome" => "success"}

       

      So you can see here that the outcome was "success" and I do see a new https connector added to my system (I can actually see it in the CLI GUI). Therefore, I assume the syntax of that CLI command is valid and I also assume my values were all correct (specifically for the ssl child node).

       

      But, if I ask to read-resource on that new connector, you'll notice that ssl still shows undefined (even though up above you see I did set the attributes for that ssl child node) and no <ssl> xml exists in my standalone xml file:

       

      /subsystem=web/connector=https/:read-resource(recursive=true,proxies=false,include-runtime=true,include-defaults=true)

      {
          "outcome" => "success",
          "result" => {
              "bytesReceived" => "0",
              "bytesSent" => "0",
              "enable-lookups" => false,
              "enabled" => true,
              "errorCount" => "0",
              "executor" => undefined,
              "max-connections" => undefined,
              "max-post-size" => 2097152,
              "max-save-post-size" => 4096,
              "maxTime" => "0",
              "name" => "https",
              "processingTime" => "0",
              "protocol" => "HTTP/1.1",
              "proxy-name" => undefined,
              "proxy-port" => undefined,
              "redirect-port" => 8433,
              "requestCount" => "0",
              "scheme" => "https",
              "secure" => true,
              "socket-binding" => "https",
              "ssl" => undefined,
              "virtual-server" => undefined
          }
      }

       

      In the CLI GUI, I don't see any "ssl" child node anywhere, nor do I see how I can add/modify an "ssl" child node from the right-mouse menu options.

       

      So, my question is: how do I create a secure connector such that I can provide the ssl information (like the password to the store, the store filename, etc.) via the CLI (which can then tell me what I really want to know: what's the DMR representation)?

        • 1. Re: how to configure https connector for SSL via CLI
          nickarls

          Try something like

           

          /subsystem=web/connector=https:add(socket-binding=https, scheme=https, secure="true", protocol="HTTP/1.1", ssl = {"name"=>"ssl", "key-alias"=>"jbossas7", "password"=>"jbossas7", "certificate-key-file"=>"c:/users/karlsnic/jbossas7.keystore"})

          • 2. Re: how to configure https connector for SSL via CLI
            mazz

            Same thing.

             

            /subsystem=web/connector=https:add(socket-binding=https, scheme=https, secure="true", protocol="HTTP/1.1", ssl = {"name"=>"ssl", "key-alias"=>"jbossas7", "password"=>"jbossas7", "certificate-key-file"=>"c:/users/karlsnic/jbossas7.keystore"})

            {"outcome" => "success"}

             

            results in:

             

            /subsystem=web/connector=https/:read-resource(recursive=true,recursive-depth=5,proxies=true,include-runtime=true,include-defaults=true)

            {
                "outcome" => "success",
                "result" => {
                    "bytesReceived" => "0",
                    "bytesSent" => "0",
                    "enable-lookups" => false,
                    "enabled" => true,
                    "errorCount" => "0",
                    "executor" => undefined,
                    "max-connections" => undefined,
                    "max-post-size" => 2097152,
                    "max-save-post-size" => 4096,
                    "maxTime" => "0",
                    "name" => "https",
                    "processingTime" => "0",
                    "protocol" => "HTTP/1.1",
                    "proxy-name" => undefined,
                    "proxy-port" => undefined,
                    "redirect-port" => 8433,
                    "requestCount" => "0",
                    "scheme" => "https",
                    "secure" => "true",
                    "socket-binding" => "https",
                    "ssl" => undefined,
                    "virtual-server" => undefined
                }
            }

             

            NOTE: I'm using JBossAS 7.1.1.Final.

            • 3. Re: how to configure https connector for SSL via CLI
              mazz

              I tried to set the "ssl" as if it were an attribute, and that failed (which I think is to be expected; I don't think "ssl" is an attribute):

               

              /subsystem=web/connector=https/:write-attribute(name=ssl,value={"name"=>"ssl", "key-alias"=>"jbossas7", "password"=>"jbossas7", "certificate-key-file"=>"c:/users/karlsnic/jbossas7.keystore"})

              {
                  "outcome" => "failed",
                  "failure-description" => "JBAS014792: Unknown attribute ssl",
                  "rolled-back" => true
              }

               

              But I can't add "ssl" as a child node either:

               

              /subsystem=web/connector=https/ssl=myssl:add()

              {
                  "outcome" => "failed",
                  "failure-description" => "JBAS014739: No handler for add at address [
                  (\"subsystem\" => \"web\"),
                  (\"connector\" => \"https\"),
                  (\"ssl\" => \"myssl\")
              ]",
                  "rolled-back" => true
              }

               

              I'm not sure how to do this.

              • 4. Re: how to configure https connector for SSL via CLI
                ctomc

                Hi,

                You need to add a child node with the SSL configuration...

                Something along the lines of:

                 

                 

                /subsystem=web/connector=https/configuration=ssl:add("key-alias"=>"jbossas7", "password"=>"jbossas7",....)

                 

                 

                --

                tomaz

                • 5. Re: how to configure https connector for SSL via CLI
                  mazz

                  Yeah, OK, this helped as well:

                   

                  http://middlewaremagic.com/jboss/?p=2390

                   

                  So it appears you have to create the https connector first, then add the ssl child node, but it appears it must be named "configuration" (that's the important part):

                   

                  /subsystem=web/connector=https/ssl=configuration:add(name="ssl",key-alias="chapter8",password="rmi+ssl",certificate-key-file="${jboss.server.config.dir}/chap8.keystore",protocol="TLSv1",verify-client="false",certificate-file="${jboss.server.config.dir}/chap8.keystore")

                   

                  even this works:

                   

                  /subsystem=web/connector=https/ssl=configuration:add()

                   

                  I now see the ssl child node in the CLI GUI.
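
The two-step sequence that resolved this thread, written as DMR operations for the ModelController client API that the original question asked about. This is an added example, not code from any poster; the keystore path, the key alias, the KEYSTORE_PASSWORD environment variable and the localhost:9999 native management endpoint are assumptions.

```java
import java.net.InetAddress;
import org.jboss.as.controller.client.ModelControllerClient;
import org.jboss.dmr.ModelNode;

public class AddHttpsConnector {
    // Operation on /subsystem=web/connector=https, or on its ssl=configuration child.
    static ModelNode op(String name, boolean sslChild) {
        ModelNode node = new ModelNode();
        node.get("operation").set(name);
        ModelNode addr = node.get("address");
        addr.add("subsystem", "web");
        addr.add("connector", "https");
        if (sslChild) addr.add("ssl", "configuration"); // child must be named "configuration"
        return node;
    }

    public static void main(String[] args) throws Exception {
        String pw = System.getenv("KEYSTORE_PASSWORD");   // assumed variable name
        if (pw == null) throw new IllegalStateException("KEYSTORE_PASSWORD is not set");
        // Step 1: the connector itself. As the thread shows, an "ssl" parameter
        // passed to this add returns success but leaves ssl undefined.
        ModelNode connector = op("add", false);
        connector.get("socket-binding").set("https");
        connector.get("scheme").set("https");
        connector.get("protocol").set("HTTP/1.1");
        connector.get("secure").set(true);

        // Step 2: the SSL settings as a child resource of the connector.
        ModelNode ssl = op("add", true);
        ssl.get("name").set("ssl");
        ssl.get("key-alias").set("jbossas7");                          // placeholder alias
        ssl.get("certificate-key-file").set("/path/to/server.keystore"); // placeholder path
        ssl.get("password").set(pw);

        // Run both steps as one composite so a failed step rolls back the other.
        ModelNode composite = new ModelNode();
        composite.get("operation").set("composite");
        composite.get("address").setEmptyList();
        composite.get("steps").add(connector);
        composite.get("steps").add(ssl);
        ModelNode read = op("read-resource", false);
        read.get("recursive").set(true);
        ModelControllerClient client =
            ModelControllerClient.Factory.create(InetAddress.getByName("localhost"), 9999);
        try {
            System.out.println(client.execute(composite).get("outcome").asString());
            // "success" alone is not proof: confirm the ssl child is actually defined.
            ModelNode result = client.execute(read).get("result");
            System.out.println("ssl defined: " + result.get("ssl").hasDefined("configuration"));
        } finally { client.close(); }
    }
}
```

Reading the keystore password from the environment keeps it out of the source file and shell history, but the add operation still stores it in standalone.xml.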