ManagementRealm SSL error: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
pickledradish Jul 1, 2013 6:35 PM
I'm running EAP 6.1.0 in domain mode on RHEL6.
I'm trying to configure the native interface on port 9999 on the domain controller to use SSL. Eventually I'd like to use the certificates for authentication between the domain controller and host controllers, but for now I'm simply trying to get the SSL handshake to work.
I'm using a self-signed certificate for now.
I have the following configuration in host.xml on the domain controller:
<security-realm name="ManagementRealm">
    <authentication>
        <local default-user="$local" />
        <properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
    </authentication>
    <server-identities>
        <ssl>
            <keystore alias="certificate" path="/path/to/keystores/certificate.keystore" keystore-password="mypassword"/>
        </ssl>
    </server-identities>
</security-realm>
<security-realm name="LDAPRealm">
    <authentication>
        ...
    </authentication>
    <server-identities>
        <ssl>
            <keystore alias="certificate" path="/path/to/keystores/certificate.keystore" keystore-password="mypassword"/>
        </ssl>
    </server-identities>
</security-realm>
...
<management-interfaces>
    <native-interface security-realm="ManagementRealm">
        <socket interface="management" port="${jboss.management.native.port:9999}"/>
    </native-interface>
    <http-interface security-realm="LDAPRealm">
        <socket interface="management" secure-port="9443"/>
    </http-interface>
</management-interfaces>
When I connect to the http interface on 9443, I can connect over SSL and verify that the certificate is the self-signed certificate I created.
When the host controller connects to the native interface, I get the following error on the DC:
[Host Controller] 15:09:22,086 ERROR [org.jboss.remoting.remote.connection] (Remoting "master-host:MANAGEMENT" read-1) JBREM000200: Remote connection failed: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
On the host controller, I get the error:
[Host Controller] 15:09:22,120 ERROR [org.jboss.remoting.remote.connection] (Remoting "slave-host:MANAGEMENT" read-1) JBREM000200: Remote connection failed: java.io.IOException: JBREM000202: Abrupt close on Remoting connection 0a514771 to master-host/<ip_snipped>:9999
I tried configuring the ManagementRealm on the host controller with a self-signed certificate and adding that certificate as a trusted certificate to the keystore on the domain controller, but I get the same result.
From what I've read, this would seem to indicate a problem with the certificate, but in that case I don't understand why the certificate works in the other security realm.
Am I missing something?