5 Replies Latest reply on Aug 23, 2018 1:56 AM by peyyero

SSL configuration in JBoss EAP 7.1 - Help needed

peyyero Aug 22, 2018 3:25 AM

Hi All,

We are in the process of upgrading from Jboss 5.1.0.GA to Jboss EAP 7.1 on Windows 2012 platform. One of the item is to port SSL certificate configuration (using JKS) from Jboss 5.1 to 7.1 EAP.

Our new setup involves running in a domain model. This setup looks something like this,

- Domain Controller (server a)

- Host Controller (server b)

- Server One

- Server Two

Server One runs with the port offset of 100 and Server Two with ports offset of 200.

I now want to install SSL certificate (within the keystore) on Server One and Server Two. How do I do that? I have seen some redhat documentation showing on how to install for 'Standalone' and 'Domain' models but I am bit confused on how to do it on the actual server itself?

Apologies if my questions are too naive.

Thank you,

Rohit

1. Re: SSL configuration in JBoss EAP 7.1 - Help needed

mchoma Aug 22, 2018 8:55 AM (in response to peyyero)

If configuration is exposed on domain controller it will propagate to whole domain. But you have to distribute keystore files manually to filesystem of distinct controllers.
Actions
2. Re: SSL configuration in JBoss EAP 7.1 - Help needed

peyyero Aug 22, 2018 8:35 PM (in response to mchoma)

Thank you Martin!

Let me give it a shot this morning.
Actions
3. Re: SSL configuration in JBoss EAP 7.1 - Help needed

peyyero Aug 23, 2018 12:12 AM (in response to peyyero)

I am still facing trouble getting this to work. I am following this article (Enable SSL in JBoss EAP 7.1 using Elytron - Red Hat Customer Portal) to setup SSL on my domain.

But when I run these steps using CLI:
--
batch /subsystem=undertow/server=default-server/https-listener=https:undefine-attribute(name=security-realm) /subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context,value=newSSC)
run-batch
--

I get this error:

--
Exception for run-batch: org.jboss.as.cli.CommandFormatException: Failed to get the list of the operation properties: "WFLYCTL0030: No resource definition is registered for address [
    ("subsystem" => "undertow"),
    ("server" => "default-server"),
    ("https-listener" => "https")
]": Failed to get the list of the operation properties: "WFLYCTL0030: No resource definition is registered for address [
    ("subsystem" => "undertow"),
    ("server" => "default-server"),
    ("https-listener" => "https")
]
--

Any ideas why?
Actions
4. Re: SSL configuration in JBoss EAP 7.1 - Help needed

peyyero Aug 23, 2018 12:47 AM (in response to peyyero)

Just clarify, I also tried running like this:
--
batch
/profile=full-ha/subsystem=undertow/server=default-server/https-listener=https:undefine-attribute(name=security-realm)
/profile=full-ha/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context,value=newSSC)
run-batch
--

I got this error:
--
The batch failed with the following error (you are remaining in the batch editing mode to have a chance to correct the error): {"WFLYCTL0062: Composite operation failed and was rolled back. Steps that failed:" => {"Op
eration step-2" => "WFLYCTL0369: Required capabilities are not available:
    org.wildfly.security.ssl-context.newSSC in context 'profile=full-ha'; Possible registration points for this capability:
                /host=master/subsystem=elytron/server-ssl-context=*
                /host=master/subsystem=elytron/client-ssl-context=*
                /profile=*/subsystem=elytron/server-ssl-context=*
                /profile=*/subsystem=elytron/client-ssl-context=*"}}
--
Actions
5. Re: SSL configuration in JBoss EAP 7.1 - Help needed

peyyero Aug 23, 2018 1:56 AM (in response to peyyero)

Got the issue. All good. I had to install certificate under profile=full-ha.
Actions

Go to original post