11 Replies Latest reply on Mar 15, 2016 6:36 AM by tbw

    SSL under wildfly without https

    tbw

      How to turn on SSL under wildfly without https and with open cert from client side (for public application)?

      Thank You.

        • 1. Re: SSL under wildfly without https
          mchoma

          Try attribute socket-binding in https-listener element in undertow subsystem. What do you mean by "open cert from client side", can you elaborate more?

          • 2. Re: SSL under wildfly without https
            tbw

            1. socket binding - cool. Thx.

            2. I mean "self-signed certificate of a public key." as described here Making Self-Signed Certificates Trusted (this example (without application server) does not work for unknown reason at stage making trusted).

            • 3. Re: SSL under wildfly without https
              mchoma

              2. should be no problem. What exactly doesn't work for you? Look here for inspiration: Setting up SSL/TLS with Wildfly 10.

              • 4. Re: SSL under wildfly without https
                tbw

                UPD:

                How do I log in to this configuration with an open cert?

                I already have a working login, but do not understand how to connect with an open cert.

                 

                UPD. I mean public cert:

                keytool.exe -importcert -alias herong_home -file my_home.crt -keystore public.jks -storepass PublicJKS

                 

                with socket-binding

                • 5. Re: SSL under wildfly without https
                  tbw
                  • 6. Re: SSL under wildfly without https
                    tbw

                    Full 10.0.0.Final (WildFly Core 2.0.10.Final) starting

                    23:58:40,100 ERROR [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0055: Caught exception during boot: org.jboss.as.controller.persistence.ConfigurationPersistenceException: WFLYCTL0085: Failed to parse configuration

                            at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:131)

                            at org.jboss.as.server.ServerService.boot(ServerService.java:356)

                            at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:299)

                            at java.lang.Thread.run(Thread.java:745)

                    Caused by: javax.xml.stream.XMLStreamException: ParseError at [row,col]:[45,8]

                    Message: WFLYCTL0197: Unexpected attribute 'password' encountered

                     

                    how to fix this?

                    • 7. Re: SSL under wildfly without https
                      mchoma

                      keystore-password is the password attribute in WildFly. You found a tutorial based on AS 7. In the tutorial I provided it is correct.

                      • 8. Re: SSL under wildfly without https
                        tbw

                        Ok, already fixed, plus needed to set alias and copy file to standalone config. Now server side without errors.

                        • 9. Re: SSL under wildfly without https
                          tbw

                          Client does not work (

                           

                          sources at http://www.filedropper.com/ssl-remote-ejb

                           

                          C:\...ettings\andrew\Desktop\main\ssl-remote-ejb\client\target>re=C:\client.keystore -Djavax.net.ssl.trustStorePassword=123456

                          мар 15, 2016 12:24:48 PM org.xnio.Xnio <clinit>

                          INFO: XNIO version 3.2.2.Final

                          мар 15, 2016 12:24:48 PM org.xnio.nio.NioXnio <clinit>

                          INFO: XNIO NIO Implementation Version 3.2.2.Final

                          мар 15, 2016 12:24:49 PM org.jboss.remoting3.EndpointImpl <clinit>

                          INFO: JBoss Remoting version 4.0.3.Final

                          мар 15, 2016 12:24:54 PM org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector setupEJBReceivers

                          WARN: Could not register a EJB receiver for connection to 127.0.0.1:4447

                          java.lang.RuntimeException: Operation failed with status WAITING

                                  at org.jboss.ejb.client.remoting.IoFutureHelper.get(IoFutureHelper.java:94)

                                  at org.jboss.ejb.client.remoting.ConnectionPool.getConnection(ConnectionPool.java:80)

                                  at org.jboss.ejb.client.remoting.RemotingConnectionManager.getConnection(RemotingConnectionManager.java:51)

                                  at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.setupEJBReceivers(ConfigBasedEJBClientContextSelector.java:161)

                                  at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.getCurrent(ConfigBasedEJBClientContextSelector.java:118)

                                  at org.jboss.ejb.client.naming.ejb.EjbNamingContext.createIdentifiableEjbClientContext(EjbNamingContext.java:269)

                                  at org.jboss.ejb.client.naming.ejb.EjbNamingContext.setupScopedEjbClientContextIfNeeded(EjbNamingContext.java:134)

                                  at org.jboss.ejb.client.naming.ejb.EjbNamingContext.<init>(EjbNamingContext.java:101)

                                  at org.jboss.ejb.client.naming.ejb.ejbURLContextFactory.getObjectInstance(ejbURLContextFactory.java:38)

                                  at javax.naming.spi.NamingManager.getURLObject(Unknown Source)

                                  at javax.naming.spi.NamingManager.getURLContext(Unknown Source)

                                  at javax.naming.InitialContext.getURLOrDefaultInitCtx(Unknown Source)

                                  at javax.naming.InitialContext.lookup(Unknown Source)

                                  at com.illucit.ejbremote.EjbRemoteClient.createEjbProxy(EjbRemoteClient.java:236)

                                  at com.illucit.ejbremote.EjbRemoteClient.main(EjbRemoteClient.java:118)

                           

                           

                          мар 15, 2016 12:24:54 PM org.jboss.ejb.client.EJBClient <clinit>

                          INFO: JBoss EJB Client version 2.1.4.Final

                          Error accessing remote bean

                          java.lang.IllegalStateException: EJBCLIENT000025: No EJB receiver available for handling [appName:, moduleName:ejb-remote-server, distinctName:] combination for invocation context org.jboss.ejb.client.EJBClientInvocationContext@71bbf57e

                                  at org.jboss.ejb.client.EJBClientContext.requireEJBReceiver(EJBClientContext.java:798)

                                  at org.jboss.ejb.client.ReceiverInterceptor.handleInvocation(ReceiverInterceptor.java:128)

                                  at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:186)

                                  at org.jboss.ejb.client.EJBInvocationHandler.sendRequestWithPossibleRetries(EJBInvocationHandler.java:255)

                                  at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:200)

                                  at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:183)

                                  at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:146)

                                  at com.sun.proxy.$Proxy2.greet(Unknown Source)

                                  at com.illucit.ejbremote.EjbRemoteClient.main(EjbRemoteClient.java:135)

                          ----------------------------------

                          Server:

                           

                          00:06:31,645 INFO  [org.jboss.modules] (main) JBoss Modules version 1.5.1.Final

                          00:06:32,224 INFO  [org.jboss.msc] (main) JBoss MSC version 1.2.6.Final

                          00:06:32,415 INFO  [org.jboss.as] (MSC service thread 1-4) WFLYSRV0049: WildFly Full 10.0.0.Final (WildFly Core 2.0.10.Final) starting

                          00:06:36,670 INFO  [org.jboss.as.server.deployment.scanner] (DeploymentScanner-threads - 1) WFLYDS0015: Re-attempting failed deployment ejb-remote-server.jar

                          00:06:36,955 INFO  [org.jboss.as.repository] (ServerService Thread Pool -- 7) WFLYDR0001: Content added at location C:\Documents and Settings\andrew\Desktop\main\wildfly-10.0.0.Final\standalone\data\content\e8\d3b94060318880b29abb6bd0b8f8fa9a9b192a\content

                          00:06:37,000 INFO  [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0039: Creating http management service using socket-binding (management-http)

                          00:06:37,052 INFO  [org.xnio] (MSC service thread 1-3) XNIO version 3.3.4.Final

                          00:06:37,095 INFO  [org.xnio.nio] (MSC service thread 1-3) XNIO NIO Implementation Version 3.3.4.Final

                          00:06:37,267 INFO  [org.jboss.as.naming] (ServerService Thread Pool -- 46) WFLYNAM0001: Activating Naming Subsystem

                          00:06:37,343 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 38) WFLYCLINF0001: Activating Infinispan subsystem.

                          00:06:37,373 INFO  [org.jboss.as.jsf] (ServerService Thread Pool -- 44) WFLYJSF0007: Activated the following JSF Implementations: [main]

                          00:06:37,463 INFO  [org.wildfly.extension.io] (ServerService Thread Pool -- 37) WFLYIO001: Worker 'default' has auto-configured to 4 core threads with 32 task threads based on your 2 available processors

                          00:06:37,510 INFO  [org.jboss.as.webservices] (ServerService Thread Pool -- 56) WFLYWS0002: Activating WebServices Extension

                          00:06:37,528 INFO  [org.jboss.as.security] (ServerService Thread Pool -- 53) WFLYSEC0002: Activating Security Subsystem

                          00:06:37,535 WARN  [org.jboss.as.txn] (ServerService Thread Pool -- 54) WFLYTX0013: Node identifier property is set to the default value. Please make sure it is unique.

                          00:06:37,751 INFO  [org.jboss.remoting] (MSC service thread 1-1) JBoss Remoting version 4.0.18.Final

                          00:06:38,181 INFO  [org.wildfly.extension.undertow] (ServerService Thread Pool -- 55) WFLYUT0003: Undertow 1.3.15.Final starting

                          00:06:38,263 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-4) WFLYUT0003: Undertow 1.3.15.Final starting

                          00:06:38,303 INFO  [org.jboss.as.naming] (MSC service thread 1-1) WFLYNAM0003: Starting Naming Service

                          00:06:38,313 INFO  [org.jboss.as.mail.extension] (MSC service thread 1-3) WFLYMAIL0001: Bound mail session [java:jboss/mail/Default]

                          00:06:38,536 INFO  [org.jboss.as.connector] (MSC service thread 1-1) WFLYJCA0009: Starting JCA Subsystem (WildFly/IronJacamar 1.3.2.Final)

                          00:06:38,632 INFO  [org.jboss.as.connector.subsystems.datasources] (ServerService Thread Pool -- 33) WFLYJCA0005: Deploying non-JDBC-compliant driver class org.postgresql.Driver (version 9.4)

                          00:06:38,498 INFO  [org.jboss.as.security] (MSC service thread 1-2) WFLYSEC0001: Current PicketBox version=4.9.4.Final

                          00:06:38,891 INFO  [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-3) WFLYJCA0018: Started Driver service with driver-name = postgresql

                          00:06:39,120 INFO  [org.wildfly.extension.undertow] (ServerService Thread Pool -- 55) WFLYUT0014: Creating file handler for path 'C:\Documents and Settings\andrew\Desktop\main\wildfly-10.0.0.Final/welcome-content' with options [directory-listing: 'false', follow-symlink: 'false', case-sensitive: 'true', safe-symlink-paths: '[]']

                          00:06:39,125 INFO  [org.jboss.as.ejb3] (MSC service thread 1-1) WFLYEJB0481: Strict pool slsb-strict-max-pool is using a max instance size of 32 (per class), which is derived from thread worker pool sizing.

                          00:06:39,162 INFO  [org.jboss.as.ejb3] (MSC service thread 1-3) WFLYEJB0482: Strict pool mdb-strict-max-pool is using a max instance size of 8 (per class), which is derived from the number of CPUs on this host.

                          00:06:39,526 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-4) WFLYUT0012: Started server default-server.

                          00:06:39,648 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-4) WFLYUT0018: Host default-host starting

                          00:06:39,889 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-4) WFLYUT0006: Undertow HTTP listener default listening on 127.0.0.1:8080

                          00:06:40,667 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-2) WFLYSRV0027: Starting deployment of "ejb-remote-server.jar" (runtime-name: "ejb-remote-server.jar")

                          00:06:40,698 INFO  [org.jboss.as.server.deployment.scanner] (MSC service thread 1-1) WFLYDS0013: Started FileSystemDeploymentService for directory C:\Documents and Settings\andrew\Desktop\main\wildfly-10.0.0.Final\standalone\deployments

                          00:06:40,944 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-4) WFLYJCA0001: Bound data source [java:jboss/datasources/PostgreDataSource]

                          00:06:41,733 INFO  [org.jboss.ws.common.management] (MSC service thread 1-1) JBWS022052: Starting JBossWS 5.1.3.Final (Apache CXF 3.1.4)

                          00:06:41,747 INFO  [org.infinispan.factories.GlobalComponentRegistry] (MSC service thread 1-4) ISPN000128: Infinispan version: Infinispan 'Mahou' 8.1.0.Final

                          00:06:41,756 INFO  [org.infinispan.factories.GlobalComponentRegistry] (MSC service thread 1-2) ISPN000128: Infinispan version: Infinispan 'Mahou' 8.1.0.Final

                          00:06:42,954 INFO  [org.jboss.weld.deployer] (MSC service thread 1-1) WFLYWELD0003: Processing weld deployment ejb-remote-server.jar

                          00:06:43,286 INFO  [org.hibernate.validator.internal.util.Version] (MSC service thread 1-1) HV000001: Hibernate Validator 5.2.3.Final

                          00:06:43,532 INFO  [org.jboss.as.ejb3.deployment] (MSC service thread 1-1) WFLYEJB0473: JNDI bindings for session bean named 'ExampleServiceImpl' in deployment unit 'deployment "ejb-remote-server.jar"' are as follows:

                                  java:global/ejb-remote-server/ExampleServiceImpl!com.illucit.ejbremote.server.ExampleService

                                  java:app/ejb-remote-server/ExampleServiceImpl!com.illucit.ejbremote.server.ExampleService

                                  java:module/ExampleServiceImpl!com.illucit.ejbremote.server.ExampleService

                                  java:jboss/exported/ejb-remote-server/ExampleServiceImpl!com.illucit.ejbremote.server.ExampleService

                                  java:global/ejb-remote-server/ExampleServiceImpl

                                  java:app/ejb-remote-server/ExampleServiceImpl

                                  java:module/ExampleServiceImpl

                          00:06:43,818 INFO  [org.jboss.weld.deployer] (MSC service thread 1-1) WFLYWELD0006: Starting Services for CDI deployment: ejb-remote-server.jar

                          00:06:43,840 INFO  [org.infinispan.configuration.cache.EvictionConfigurationBuilder] (ServerService Thread Pool -- 58) ISPN000152: Passivation configured without an eviction policy being selected. Only manually evicted entities will be passivated.

                          00:06:43,914 INFO  [org.infinispan.configuration.cache.EvictionConfigurationBuilder] (ServerService Thread Pool -- 58) ISPN000152: Passivation configured without an eviction policy being selected. Only manually evicted entities will be passivated.

                          00:06:43,962 INFO  [org.jboss.weld.Version] (MSC service thread 1-1) WELD-000900: 2.3.2 (Final)

                          00:06:44,005 INFO  [org.infinispan.configuration.cache.EvictionConfigurationBuilder] (ServerService Thread Pool -- 59) ISPN000152: Passivation configured without an eviction policy being selected. Only manually evicted entities will be passivated.

                          00:06:44,089 INFO  [org.infinispan.configuration.cache.EvictionConfigurationBuilder] (ServerService Thread Pool -- 59) ISPN000152: Passivation configured without an eviction policy being selected. Only manually evicted entities will be passivated.

                          00:06:44,095 INFO  [org.jboss.weld.deployer] (MSC service thread 1-1) WFLYWELD0009: Starting weld service for deployment ejb-remote-server.jar

                          00:06:45,140 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 58) WFLYCLINF0002: Started client-mappings cache from ejb container

                          00:06:46,419 INFO  [org.jboss.as.server] (ServerService Thread Pool -- 34) WFLYSRV0010: Deployed "ejb-remote-server.jar" (runtime-name : "ejb-remote-server.jar")

                          00:06:46,801 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://127.0.0.1:9990/management

                          00:06:46,805 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://127.0.0.1:9990

                          00:06:46,807 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: WildFly Full 10.0.0.Final (WildFly Core 2.0.10.Final) started in 16081ms - Started 364 of 634 services (378 services are lazy, passive or on-demand)


                          • 10. Re: SSL under wildfly without https
                            mchoma

                            You are trying to connect to port 4447. It is not the default remoting port anymore in WildFly. But that is probably why you were asking about socket-binding.

                             

                            But see this thread and mainly correct answer to see how you can configure ejb to use TLS in wildfly How to use SSL/TLS encryption and database authorization/authentication to call EJB in WildFly 8 CR1?

                            • 11. Re: SSL under wildfly without https
                              tbw

                              I'm trying to change standalone.xml:

                              <socket-binding name="remoting" port="4447"/>

                              but have similar result.

                               

                              Now I am reading the last article in the cycle, but do not see a resolution.

                              I need to have on the client side the open part of SSL only (only the public cert), because the application is fully public.
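
The thread ends with the requirement that a public client carry only the server's public certificate. The following is an added example, not part of the thread and not code from any poster: a check that a store such as the `public.jks` built with the `keytool -importcert` command in reply 4 holds certificate entries only, followed by a TLS context that trusts just those certificates. The class name `PublicTrustStoreCheck` is hypothetical; the default path and password are the ones shown in that command.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example with a hypothetical class name; not code from the thread.
public class PublicTrustStoreCheck {

    // Load the store and refuse it if any alias holds a private or secret key.
    static KeyStore loadCertOnlyStore(String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, password);
        }
        if (store.size() == 0) {
            throw new IllegalStateException("store is empty: nothing to trust");
        }
        for (String alias : Collections.list(store.aliases())) {
            if (store.isKeyEntry(alias)) {
                throw new IllegalStateException(
                        "alias '" + alias + "' is a key entry; do not ship this store to clients");
            }
            System.out.println(alias + "  SHA-256 " + fingerprint(store.getCertificate(alias)));
        }
        return store;
    }

    // SHA-256 over the DER encoding, for out-of-band comparison with the server's certificate.
    static String fingerprint(Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) {
            hex.append(String.format("%02X", b));
        }
        return hex.toString();
    }

    // TLS context that trusts only the certificates in the store and presents no client key.
    static SSLContext trustOnlyContext(KeyStore store) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // null key managers: no client identity
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the file name and store password from the keytool command in reply 4.
        String path = args.length > 0 ? args[0] : "public.jks";
        char[] password = (args.length > 1 ? args[1] : "PublicJKS").toCharArray();
        SSLContext ctx = trustOnlyContext(loadCertOnlyStore(path, password));
        System.out.println("trust-only context ready: " + ctx.getProtocol());
    }
}
```

A store that passes this check contains no secret material, so its password protects integrity only; the fingerprint printed per alias is what to compare against the certificate actually installed on the server.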