-
1. Re: Securing management interface through HTTPS
handfreezer Apr 5, 2012 11:50 AM (in response to handfreezer)OK, I succeed, and have a second question following my solution:
<security-realm name="ManagementRealm"> <server-identities> <ssl > <keystore path="my_keystore" relative-to="jboss.server.config.dir" password="123456"/> </ssl> </server-identities> <authentication>
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
</authentication>
</security-realm>
I added a keystore for the identity of the server, but I don't find the attribute name to specify the alias of the key to use in the store.
Does someone know it?
-
2. Re: Securing management interface through HTTPS
dlofthouse Apr 5, 2012 11:53 AM (in response to handfreezer)It doesn't currently support specifying an alias - at the moment you should provide a keystore with just the entry you need.
Adding support for an alias is being added as we speak under the following issue: -
-
3. Re: Securing management interface through HTTPS
handfreezer Apr 6, 2012 3:30 AM (in response to dlofthouse)OK, thanks for the answer. Just another one, is there a way to declare the use of SSL certificate like for connector using directly OpenSSL crt and key, aka not through a JKS ?
-
4. Re: Securing management interface through HTTPS
dlofthouse Apr 6, 2012 9:40 AM (in response to handfreezer)At the moment just JKS but if there are demands for other please raise a feature request in jira for it is be considered.
-
5. Re: Securing management interface through HTTPS
handfreezer Apr 6, 2012 10:45 AM (in response to dlofthouse) -
6. Re: Securing management interface through HTTPS
pathduck Apr 7, 2012 7:22 AM (in response to handfreezer)Hopefully the management interface will be available to configure like a standard connector sometime in the not to distant "future"
As it is now every feature of a connector will (sooner or later) have to be duplicated for the separate management interface, which leads to a lot of duplicate settings.
-
7. Re: Securing management interface through HTTPS
rstokoe1 Apr 13, 2012 11:56 AM (in response to handfreezer)I had to use https rather than http=... (on jboss-as-7.1.1.Final)
<http-interface security-realm="ManagementRealm">
<socket-binding https="management-https"/>
</http-interface>
-
8. Re: Securing management interface through HTTPS
handfreezer Apr 16, 2012 4:38 AM (in response to rstokoe1)ok, but using <socket-binding https="management-https"/> needs a server-identities tag.
The so called socket-binding management-https is confusing, because, it isn't the owner of the "SSL capability" of the socket.
Stian Lund a écrit:
Hopefully the management interface will be available to configure like a standard connector sometime in the not to distant "future"
-
9. Re: Securing management interface through HTTPS
dlofthouse Apr 16, 2012 10:00 AM (in response to handfreezer)ok, but using <socket-binding https="management-https"/> needs a server-identities tag.
It shouldn't do - what does your config look like?
-
10. Re: Securing management interface through HTTPS
handfreezer Apr 19, 2012 10:18 AM (in response to dlofthouse)yes, it should because of httpS .
-
11. Re: Securing management interface through HTTPS
dlofthouse Apr 19, 2012 10:21 AM (in response to handfreezer)Sorry yes you are correct, it is needed for the SSL defintion for the keystore - I was confusing what you were saying with the secret definition also possible in server-identities.