2 Replies Latest reply on May 22, 2013 9:27 AM by wtben

    JBoss management via SSL

    wtben

      I have a problem with my JBoss AS 7.1.1 after I configured it to use ssl for the management interface.

       

      I followed https://community.jboss.org/wiki/SecuringAdministrationConsoleWithHttps to secure the admin console. This worked.

       

      But now I realized that the native management interface does not work anymore.<br />

      When I start my JBoss in Eclipse via the JBoss Tools I get lots of these error messages:

         

       ERROR [org.jboss.remoting.remote.connection] (Remoting "myhost:MANAGEMENT" read-1) JBREM000200: Remote connection failed: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
      

       

      I have the following configuration in the `standalone.xml`:

       

           <management>
              <security-realms>
                  <security-realm name="ManagementRealm">
                      <server-identities>
                          <ssl>
                              <keystore path="my.keystore" relative-to="jboss.server.config.dir" password="xxPASSxx"/>
                          </ssl>
                      </server-identities>
                      <authentication>
                          <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
                      </authentication>
                  </security-realm>
                  ...
              </security-realms>
              <management-interfaces>
                  <native-interface security-realm="ManagementRealm">
                      <socket-binding native="management-native"/>
                  </native-interface>
                  <http-interface security-realm="ManagementRealm">
                      <socket-binding https="management-https"/>
                  </http-interface>
              </management-interfaces>
          </management>
      
          <interfaces>
              <interface name="management">
                  <any-address/>
              </interface>
              ...
          </interfaces>
      
          <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
              <socket-binding name="management-native" interface="management" port="${jboss.management.native.port:9999}"/>
              <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9443}"/>
              <socket-binding name="ajp" port="8009"/>
              <socket-binding name="http" port="8080"/>
              <socket-binding name="https" port="8443"/>
              <socket-binding name="osgi-http" interface="management" port="8090"/>
              <socket-binding name="remoting" port="4447"/>
              <socket-binding name="txn-recovery-environment" port="4712"/>
              <socket-binding name="txn-status-manager" port="4713"/>
              <socket-binding name="messaging" port="5445"/>
              <socket-binding name="messaging-throughput" port="5455"/>
              <outbound-socket-binding name="mail-smtp">
                  <remote-destination host="localhost" port="25"/>
              </outbound-socket-binding>
          </socket-binding-group>
      

       

      What did I miss?

        • 1. Re: JBoss management via SSL
          jaysensharma

          Hi,

           

              I tested it on AS7.1.2 as mentioned in the following link:   http://middlewaremagic.com/jboss/?p=2452

           

              And it worked for me .. So can you also try the same to see if there is any difference.  Still if you face any issue then it would be best if you can follow the step4). mentioned in the above link to enable the SSL debug (-Djavax.net.debug=all) and paste the logs:

           

           

          Step4). Now restart your JBoss AS 7.1.2 again as following:
          -Djavax.net.debug=all This System property will give us more details about the SSL Communication so we enabled it just to varify if the SSL configuration is working properly or not
          
          
          [userone@localhost bin]$ ./standalone.sh -c standalone-full.xml  -Djavax.net.debug=all 
          
          

           

           

          Thanks

          Jay SenSharma

          • 2. Re: JBoss management via SSL
            wtben

            Hi Jay,

             

            thank you for your reply.

            I've tried it again following the guide you posted. I also can work with the jboss cli and after accepting the selfsigned certificate i get no errors or warnings while using the cli.

            But unfortunately i still get errors when i start my jboss with the jboss tools within eclipse. I attached a log of a ssl connection attempt that fails:

            http://pastebin.com/eggrc9km

             

            Regards

            Ben