3 Replies Latest reply on Mar 27, 2012 12:54 PM by karin k

    JBoss 7.1.1: how to enable client-cert authentication for the management interface

    karin k Newbie

      Hi all

       

      In the release notes of 7.1.0 the following is stated:

      • Support for client certificate authentication on both the remoting interfaces and the HTTP management interface.

       

      Also, Darron has mentioned that in the following discussion: https://community.jboss.org/message/723290.

       

      How is that concretely configured?

       

      I tried the following config:

      <security-realm name="ManagementRealm">
          <authentication>
              <truststore path="karin.jks" relative-to="jboss.domain.config.dir" password="karin"/>
          </authentication>
      </security-realm>

       

      <http-interface security-realm="ManagementRealm">
          <socket interface="management" port="9990" secure-port="8888"/>
      </http-interface>

       

      JBoss AS started successfully, but I cannot invoke the domain console on port 8888 (I guess the SSL connection is not really working; it might be that my truststore is not useful). Anyway, would that actually be the correct configuration?

       

      What exactly will happen when a client tries to connect? I think it will be:

      1) the client certificate is requested

      2) the client certificate is checked to see whether it is issued by the truststore CA certificate (just standard SSL client authentication)

      3) if yes, the CN from the client certificate is set as principal

       

      Thanks for your help

       

      Karin
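
A check for the setup described in the post, as an added example that is not part of the original post or of JBoss itself: for each management HTTP interface with a secure-port, it reports whether the referenced realm has a server keystore and a truststore. The `<server-identities>/<ssl>/<keystore>` element path is an assumption about the AS 7 realm schema, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed input: the two fragments from the post, wrapped in one root so they parse.
POSTED = """<management>
  <security-realm name="ManagementRealm">
    <authentication>
      <truststore path="karin.jks" relative-to="jboss.domain.config.dir" password="karin"/>
    </authentication>
  </security-realm>
  <http-interface security-realm="ManagementRealm">
    <socket interface="management" port="9990" secure-port="8888"/>
  </http-interface>
</management>"""

def local(tag):
    """Drop an XML namespace prefix such as {urn:jboss:domain:1.2}."""
    return tag.rsplit("}", 1)[-1]

def find_path(elem, *names):
    """Follow a chain of child element names from elem, ignoring namespaces."""
    for name in names:
        elem = next((c for c in elem if local(c.tag) == name), None)
        if elem is None:
            return None
    return elem

def check_client_cert_setup(xml_text):
    """Return one finding per missing piece for every interface with a secure-port."""
    root = ET.fromstring(xml_text)
    realms = {e.get("name"): e for e in root.iter() if local(e.tag) == "security-realm"}
    findings = []
    for iface in root.iter():
        sock = find_path(iface, "socket")
        if local(iface.tag) != "http-interface" or sock is None or not sock.get("secure-port"):
            continue  # not a management HTTP interface, or plain HTTP only
        name = iface.get("security-realm")
        realm = realms.get(name)
        if realm is None:
            findings.append(f"{name}: security realm is not defined")
            continue
        # Assumed AS 7 location of the server's own key and certificate.
        if find_path(realm, "server-identities", "ssl", "keystore") is None:
            findings.append(f"{name}: no server keystore, so no certificate to present for TLS")
        if find_path(realm, "authentication", "truststore") is None:
            findings.append(f"{name}: no truststore, so client certificates cannot be verified")
    return findings

if __name__ == "__main__":
    print("\n".join(check_client_cert_setup(POSTED)))
```

Run against the posted configuration, it reports only the missing server keystore; the truststore for verifying client certificates is present.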