host controller was not able to connect Domain controller After install the SSL in Management console.
nurubhas Apr 27, 2017 12:51 AMHi All,
I have faced small issue in my Jboss EAP environment, After configuring SSL for Management console.
I have two VM'S (RHE Linux 6.4).names as
1) Server1.example.com
2) Server2.example.com
I have installed JbossEAP 6.3 in Server1 and Server2 , I have choosen Server1 as Domain controller & Server2 as a Slave Machine.
I have configured domain & host.xml files. So both server1 & server2 running as horizontal cluster setup without any trouble & I have test cluster functionality as well.
Issue came here:
I have installed a self signed certificate for Management console in Server1 & it is accessible with https://Server1IP:9443 without failure
when i am starting host controller process in Slave Machine(server2)... getting some exception related to SSL failure.
Reason: Slave machine is not able to communicate domain controller after install the SSL certificates for management console.
ERROr
[Host Controller ] JBAS010900 : Could not connect to remote domain controller at remote://remoteIP:9999 -- java.lang.IllegalStateException : JBAS016509: Unable to connect due to SSL failure.
I am sharing here keystore details :
[jbossas@server1 configuration]$ keytool -list -keystore domain.jks
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 3 entries
slave2, Apr 26, 2017, trustedCertEntry,
Certificate fingerprint (SHA1): F0:D9:44:2D:CA:25:1D:F5:65:7C:58:27:21:35:D7:62:ED:C7:45:A7
slave1, Apr 26, 2017, trustedCertEntry,
Certificate fingerprint (SHA1): 9B:91:C8:DF:20:D6:60:A0:28:F4:48:D8:37:72:95:68:FD:68:F1:59
domain, Apr 26, 2017, PrivateKeyEntry,
Certificate fingerprint (SHA1): B9:91:37:99:48:DC:B5:C3:94:1E:6D:86:AB:A8:66:E3:AB:34:31:58
[jbossas@server1 configuration]$ keytool -list -keystore slave1.jks
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
slave1, Apr 26, 2017, PrivateKeyEntry,
Certificate fingerprint (SHA1): 9B:91:C8:DF:20:D6:60:A0:28:F4:48:D8:37:72:95:68:FD:68:F1:59
domain, Apr 26, 2017, trustedCertEntry,
Certificate fingerprint (SHA1): B9:91:37:99:48:DC:B5:C3:94:1E:6D:86:AB:A8:66:E3:AB:34:31:58
Domain Controller-- host.xml
<security-realm name="ManagementRealm">
<server-identities>
<ssl>
<keystore path="/opt/jboss/jboss-eap-6.3/domain/configuration/domain.jks" keystore-password="password" alias="domain"/>
</ssl>
</server-identities>
<authentication>
<truststore path="domain.jks" keystore-password="password" />
<local default-user="$local" skip-group-loading="true"/>
<properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
</authentication>
<authorization map-groups-to-roles="false">
<properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
</authorization>
And in slave machine I have copied the domain.jks & slave1.jks certificates to slave(server2 machine) same path & I have configured the same in slave host.xml
In slave1 host.xml file contains below configuration
<security-realm name="ManagementRealm">
   <server-identities>
     <secret value="base 64 secret value generated at the time of slave user creation" />
   <ssl>
  <keystore path="slave1.jks" keystore-password="password" alias="slave1"/>
   </ssl>
   </server-identities>
     
<authentication>
<truststore path="/opt/jboss/jboss-eap-6.3/domain/configuration/domain.jks" keystore-password="password" relative-to="jboss.domain.config.dir" />
<local default-user="$local" skip-group-loading="true"/>
<properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
</authentication>
if I am not installed SSL certificate on Management console, everything going well... when i configured SSL for management console problem occurred.
Can you please suggest me... what other configuration required in slave host.xml file to communicate domain controller process over SSL.
 
    