11 Replies Latest reply on Mar 15, 2016 6:36 AM by Andrew Bryukhov

    SSL under wildfly without https

    Andrew Bryukhov Newbie

      How to turn on SSL under wildfly without https and with open cert from client side (for public application)?

      Thank You.

        • 1. Re: SSL under wildfly without https
          Martin Choma Expert

          Try the socket-binding attribute of the https-listener element in the undertow subsystem. What do you mean by "open cert from client side"? Can you elaborate?

          • 2. Re: SSL under wildfly without https
            Andrew Bryukhov Newbie

            1. socket binding - cool. Thx.

            2. I mean "self-signed certificate of a public key", as described here: Making Self-Signed Certificates Trusted (this example (without application server) does not work for an unknown reason at the "making trusted" stage).

            • 3. Re: SSL under wildfly without https
              Martin Choma Expert

              2. should be no problem. What exactly doesn't work for you? Look here for inspiration: Setting up SSL/TLS with Wildfly 10.

              • 4. Re: SSL under wildfly without https
                Andrew Bryukhov Newbie

                UPD:

                How do I use login to this configuration with an open cert?

                I already have a working login, but I do not understand how to connect with an open cert.

                 

                UPD. I mean public cert:

                keytool.exe -importcert -alias herong_home -file my_home.crt -keystore public.jks -storepass PublicJKS

                 

                with socket-binding

                • 6. Re: SSL under wildfly without https
                  Andrew Bryukhov Newbie

                  Full 10.0.0.Final (WildFly Core 2.0.10.Final) starting
                  23:58:40,100 ERROR [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0055: Caught exception during boot: org.jboss.as.controller.persistence.ConfigurationPersistenceException: WFLYCTL0085: Failed to parse configuration
                          at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:131)
                          at org.jboss.as.server.ServerService.boot(ServerService.java:356)
                          at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:299)
                          at java.lang.Thread.run(Thread.java:745)
                  Caused by: javax.xml.stream.XMLStreamException: ParseError at [row,col]:[45,8]
                  Message: WFLYCTL0197: Unexpected attribute 'password' encountered

                   

                  how to fix this?

                  • 7. Re: SSL under wildfly without https
                    Martin Choma Expert

                    keystore-password is the password attribute in WildFly. You found a tutorial based on AS 7. In the tutorial I provided it is correct.

                    • 8. Re: SSL under wildfly without https
                      Andrew Bryukhov Newbie

                      Ok, already fixed, plus needed to set alias and copy file to standalone config. Now server side without errors.
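
The fix discussed in replies 7 and 8, as an added example that is not part of the original thread: the `password` attribute that the parser rejected with WFLYCTL0197, beside the WildFly 10 form with `keystore-password` and `alias`, wired to the `https-listener` and `socket-binding` from reply 1. The realm name, keystore file name, alias and password values are placeholders, not taken from the poster's configuration.

```xml
<!-- Added illustration; realm name, file name, alias and passwords are placeholders. -->

<!-- Rejected by WildFly 10 at boot (WFLYCTL0197: Unexpected attribute 'password'): -->
<!--
<keystore path="server.keystore" relative-to="jboss.server.config.dir"
          password="CHANGE_ME"/>
-->

<!-- standalone.xml, under <management>/<security-realms>: WildFly 10 form.
     relative-to="jboss.server.config.dir" resolves to standalone/configuration,
     which is why the keystore file has to be copied there. -->
<security-realm name="SslRealm">
    <server-identities>
        <ssl>
            <keystore path="server.keystore"
                      relative-to="jboss.server.config.dir"
                      keystore-password="CHANGE_ME"
                      alias="server"
                      key-password="CHANGE_ME"/>
        </ssl>
    </server-identities>
</security-realm>

<!-- undertow subsystem, inside <server name="default-server">:
     the listener picks its port through the socket-binding attribute. -->
<https-listener name="https" socket-binding="https" security-realm="SslRealm"/>

<!-- socket-binding-group: the binding the listener refers to -->
<socket-binding name="https" port="${jboss.https.port:8443}"/>
```

The keystore password sits in standalone.xml in clear text in this form, so read access to the configuration directory should be limited to the server account.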

                      • 9. Re: SSL under wildfly without https
                        Andrew Bryukhov Newbie

                        Client does not work (

                         

                        sources at http://www.filedropper.com/ssl-remote-ejb

                         

                        C:\...ettings\andrew\Desktop\main\ssl-remote-ejb\client\target>re=C:\client.keystore -Djavax.net.ssl.trustStorePassword=123456

                        мар 15, 2016 12:24:48 PM org.xnio.Xnio <clinit>
                        INFO: XNIO version 3.2.2.Final
                        мар 15, 2016 12:24:48 PM org.xnio.nio.NioXnio <clinit>
                        INFO: XNIO NIO Implementation Version 3.2.2.Final
                        мар 15, 2016 12:24:49 PM org.jboss.remoting3.EndpointImpl <clinit>
                        INFO: JBoss Remoting version 4.0.3.Final
                        мар 15, 2016 12:24:54 PM org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector setupEJBReceivers
                        WARN: Could not register a EJB receiver for connection to 127.0.0.1:4447
                        java.lang.RuntimeException: Operation failed with status WAITING
                                at org.jboss.ejb.client.remoting.IoFutureHelper.get(IoFutureHelper.java:94)
                                at org.jboss.ejb.client.remoting.ConnectionPool.getConnection(ConnectionPool.java:80)
                                at org.jboss.ejb.client.remoting.RemotingConnectionManager.getConnection(RemotingConnectionManager.java:51)
                                at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.setupEJBReceivers(ConfigBasedEJBClientContextSelector.java:161)
                                at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.getCurrent(ConfigBasedEJBClientContextSelector.java:118)
                                at org.jboss.ejb.client.naming.ejb.EjbNamingContext.createIdentifiableEjbClientContext(EjbNamingContext.java:269)
                                at org.jboss.ejb.client.naming.ejb.EjbNamingContext.setupScopedEjbClientContextIfNeeded(EjbNamingContext.java:134)
                                at org.jboss.ejb.client.naming.ejb.EjbNamingContext.<init>(EjbNamingContext.java:101)
                                at org.jboss.ejb.client.naming.ejb.ejbURLContextFactory.getObjectInstance(ejbURLContextFactory.java:38)
                                at javax.naming.spi.NamingManager.getURLObject(Unknown Source)
                                at javax.naming.spi.NamingManager.getURLContext(Unknown Source)
                                at javax.naming.InitialContext.getURLOrDefaultInitCtx(Unknown Source)
                                at javax.naming.InitialContext.lookup(Unknown Source)
                                at com.illucit.ejbremote.EjbRemoteClient.createEjbProxy(EjbRemoteClient.java:236)
                                at com.illucit.ejbremote.EjbRemoteClient.main(EjbRemoteClient.java:118)

                        мар 15, 2016 12:24:54 PM org.jboss.ejb.client.EJBClient <clinit>
                        INFO: JBoss EJB Client version 2.1.4.Final
                        Error accessing remote bean
                        java.lang.IllegalStateException: EJBCLIENT000025: No EJB receiver available for handling [appName:, moduleName:ejb-remote-server, distinctName:] combination for invocation context org.jboss.ejb.client.EJBClientInvocationContext@71bbf57e
                                at org.jboss.ejb.client.EJBClientContext.requireEJBReceiver(EJBClientContext.java:798)
                                at org.jboss.ejb.client.ReceiverInterceptor.handleInvocation(ReceiverInterceptor.java:128)
                                at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:186)
                                at org.jboss.ejb.client.EJBInvocationHandler.sendRequestWithPossibleRetries(EJBInvocationHandler.java:255)
                                at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:200)
                                at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:183)
                                at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:146)
                                at com.sun.proxy.$Proxy2.greet(Unknown Source)
                                at com.illucit.ejbremote.EjbRemoteClient.main(EjbRemoteClient.java:135)

                        ----------------------------------

                        Server:

                         

                        00:06:31,645 INFO  [org.jboss.modules] (main) JBoss Modules version 1.5.1.Final
                        00:06:32,224 INFO  [org.jboss.msc] (main) JBoss MSC version 1.2.6.Final
                        00:06:32,415 INFO  [org.jboss.as] (MSC service thread 1-4) WFLYSRV0049: WildFly Full 10.0.0.Final (WildFly Core 2.0.10.Final) starting
                        00:06:36,670 INFO  [org.jboss.as.server.deployment.scanner] (DeploymentScanner-threads - 1) WFLYDS0015: Re-attempting failed deployment ejb-remote-server.jar
                        00:06:36,955 INFO  [org.jboss.as.repository] (ServerService Thread Pool -- 7) WFLYDR0001: Content added at location C:\Documents and Settings\andrew\Desktop\main\wildfly-10.0.0.Final\standalone\data\content\e8\d3b94060318880b29abb6bd0b8f8fa9a9b192a\content
                        00:06:37,000 INFO  [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0039: Creating http management service using socket-binding (management-http)
                        00:06:37,052 INFO  [org.xnio] (MSC service thread 1-3) XNIO version 3.3.4.Final
                        00:06:37,095 INFO  [org.xnio.nio] (MSC service thread 1-3) XNIO NIO Implementation Version 3.3.4.Final
                        00:06:37,267 INFO  [org.jboss.as.naming] (ServerService Thread Pool -- 46) WFLYNAM0001: Activating Naming Subsystem
                        00:06:37,343 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 38) WFLYCLINF0001: Activating Infinispan subsystem.
                        00:06:37,373 INFO  [org.jboss.as.jsf] (ServerService Thread Pool -- 44) WFLYJSF0007: Activated the following JSF Implementations: [main]
                        00:06:37,463 INFO  [org.wildfly.extension.io] (ServerService Thread Pool -- 37) WFLYIO001: Worker 'default' has auto-configured to 4 core threads with 32 task threads based on your 2 available processors
                        00:06:37,510 INFO  [org.jboss.as.webservices] (ServerService Thread Pool -- 56) WFLYWS0002: Activating WebServices Extension
                        00:06:37,528 INFO  [org.jboss.as.security] (ServerService Thread Pool -- 53) WFLYSEC0002: Activating Security Subsystem
                        00:06:37,535 WARN  [org.jboss.as.txn] (ServerService Thread Pool -- 54) WFLYTX0013: Node identifier property is set to the default value. Please make sure it is unique.
                        00:06:37,751 INFO  [org.jboss.remoting] (MSC service thread 1-1) JBoss Remoting version 4.0.18.Final
                        00:06:38,181 INFO  [org.wildfly.extension.undertow] (ServerService Thread Pool -- 55) WFLYUT0003: Undertow 1.3.15.Final starting
                        00:06:38,263 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-4) WFLYUT0003: Undertow 1.3.15.Final starting
                        00:06:38,303 INFO  [org.jboss.as.naming] (MSC service thread 1-1) WFLYNAM0003: Starting Naming Service
                        00:06:38,313 INFO  [org.jboss.as.mail.extension] (MSC service thread 1-3) WFLYMAIL0001: Bound mail session [java:jboss/mail/Default]
                        00:06:38,536 INFO  [org.jboss.as.connector] (MSC service thread 1-1) WFLYJCA0009: Starting JCA Subsystem (WildFly/IronJacamar 1.3.2.Final)
                        00:06:38,632 INFO  [org.jboss.as.connector.subsystems.datasources] (ServerService Thread Pool -- 33) WFLYJCA0005: Deploying non-JDBC-compliant driver class org.postgresql.Driver (version 9.4)
                        00:06:38,498 INFO  [org.jboss.as.security] (MSC service thread 1-2) WFLYSEC0001: Current PicketBox version=4.9.4.Final
                        00:06:38,891 INFO  [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-3) WFLYJCA0018: Started Driver service with driver-name = postgresql
                        00:06:39,120 INFO  [org.wildfly.extension.undertow] (ServerService Thread Pool -- 55) WFLYUT0014: Creating file handler for path 'C:\Documents and Settings\andrew\Desktop\main\wildfly-10.0.0.Final/welcome-content' with options [directory-listing: 'false', follow-symlink: 'false', case-sensitive: 'true', safe-symlink-paths: '[]']
                        00:06:39,125 INFO  [org.jboss.as.ejb3] (MSC service thread 1-1) WFLYEJB0481: Strict pool slsb-strict-max-pool is using a max instance size of 32 (per class), which is derived from thread worker pool sizing.
                        00:06:39,162 INFO  [org.jboss.as.ejb3] (MSC service thread 1-3) WFLYEJB0482: Strict pool mdb-strict-max-pool is using a max instance size of 8 (per class), which is derived from the number of CPUs on this host.
                        00:06:39,526 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-4) WFLYUT0012: Started server default-server.
                        00:06:39,648 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-4) WFLYUT0018: Host default-host starting
                        00:06:39,889 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-4) WFLYUT0006: Undertow HTTP listener default listening on 127.0.0.1:8080
                        00:06:40,667 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-2) WFLYSRV0027: Starting deployment of "ejb-remote-server.jar" (runtime-name: "ejb-remote-server.jar")
                        00:06:40,698 INFO  [org.jboss.as.server.deployment.scanner] (MSC service thread 1-1) WFLYDS0013: Started FileSystemDeploymentService for directory C:\Documents and Settings\andrew\Desktop\main\wildfly-10.0.0.Final\standalone\deployments
                        00:06:40,944 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-4) WFLYJCA0001: Bound data source [java:jboss/datasources/PostgreDataSource]
                        00:06:41,733 INFO  [org.jboss.ws.common.management] (MSC service thread 1-1) JBWS022052: Starting JBossWS 5.1.3.Final (Apache CXF 3.1.4)
                        00:06:41,747 INFO  [org.infinispan.factories.GlobalComponentRegistry] (MSC service thread 1-4) ISPN000128: Infinispan version: Infinispan 'Mahou' 8.1.0.Final
                        00:06:41,756 INFO  [org.infinispan.factories.GlobalComponentRegistry] (MSC service thread 1-2) ISPN000128: Infinispan version: Infinispan 'Mahou' 8.1.0.Final
                        00:06:42,954 INFO  [org.jboss.weld.deployer] (MSC service thread 1-1) WFLYWELD0003: Processing weld deployment ejb-remote-server.jar
                        00:06:43,286 INFO  [org.hibernate.validator.internal.util.Version] (MSC service thread 1-1) HV000001: Hibernate Validator 5.2.3.Final
                        00:06:43,532 INFO  [org.jboss.as.ejb3.deployment] (MSC service thread 1-1) WFLYEJB0473: JNDI bindings for session bean named 'ExampleServiceImpl' in deployment unit 'deployment "ejb-remote-server.jar"' are as follows:

                                java:global/ejb-remote-server/ExampleServiceImpl!com.illucit.ejbremote.server.ExampleService
                                java:app/ejb-remote-server/ExampleServiceImpl!com.illucit.ejbremote.server.ExampleService
                                java:module/ExampleServiceImpl!com.illucit.ejbremote.server.ExampleService
                                java:jboss/exported/ejb-remote-server/ExampleServiceImpl!com.illucit.ejbremote.server.ExampleService
                                java:global/ejb-remote-server/ExampleServiceImpl
                                java:app/ejb-remote-server/ExampleServiceImpl
                                java:module/ExampleServiceImpl

                        00:06:43,818 INFO  [org.jboss.weld.deployer] (MSC service thread 1-1) WFLYWELD0006: Starting Services for CDI deployment: ejb-remote-server.jar
                        00:06:43,840 INFO  [org.infinispan.configuration.cache.EvictionConfigurationBuilder] (ServerService Thread Pool -- 58) ISPN000152: Passivation configured without an eviction policy being selected. Only manually evicted entities will be passivated.
                        00:06:43,914 INFO  [org.infinispan.configuration.cache.EvictionConfigurationBuilder] (ServerService Thread Pool -- 58) ISPN000152: Passivation configured without an eviction policy being selected. Only manually evicted entities will be passivated.
                        00:06:43,962 INFO  [org.jboss.weld.Version] (MSC service thread 1-1) WELD-000900: 2.3.2 (Final)
                        00:06:44,005 INFO  [org.infinispan.configuration.cache.EvictionConfigurationBuilder] (ServerService Thread Pool -- 59) ISPN000152: Passivation configured without an eviction policy being selected. Only manually evicted entities will be passivated.
                        00:06:44,089 INFO  [org.infinispan.configuration.cache.EvictionConfigurationBuilder] (ServerService Thread Pool -- 59) ISPN000152: Passivation configured without an eviction policy being selected. Only manually evicted entities will be passivated.
                        00:06:44,095 INFO  [org.jboss.weld.deployer] (MSC service thread 1-1) WFLYWELD0009: Starting weld service for deployment ejb-remote-server.jar
                        00:06:45,140 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 58) WFLYCLINF0002: Started client-mappings cache from ejb container
                        00:06:46,419 INFO  [org.jboss.as.server] (ServerService Thread Pool -- 34) WFLYSRV0010: Deployed "ejb-remote-server.jar" (runtime-name : "ejb-remote-server.jar")
                        00:06:46,801 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://127.0.0.1:9990/management
                        00:06:46,805 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://127.0.0.1:9990
                        00:06:46,807 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: WildFly Full 10.0.0.Final (WildFly Core 2.0.10.Final) started in 16081ms - Started 364 of 634 services (378 services are lazy, passive or on-demand)


                        • 10. Re: SSL under wildfly without https
                          Martin Choma Expert

                          You are trying to connect to port 4447. It is not the default remoting port anymore in WildFly. But that is probably why you were asking about socket-binding.

                          But see this thread, and mainly the correct answer, to see how you can configure EJB to use TLS in WildFly: How to use SSL/TLS encryption and database authorization/authentication to call EJB in WildFly 8 CR1?

                          • 11. Re: SSL under wildfly without https
                            Andrew Bryukhov Newbie

                            I'm trying to change standalone.xml:

                            <socket-binding name="remoting" port="4447"/>

                            but have similar result.

                             

                            Now I am reading the last article in the cycle, but I do not see a resolution.

                            I need to have only the open part of SSL on the client side (only the public cert), because the application is fully public.