Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-1700

Unable to configure https using CLI with attribute enabled-cipher-suites

XMLWordPrintable

    • Hide

      1) run this cli commands

      /core-service=management/security-realm=FIPSRealm:add
      /core-service=management/security-realm=FIPSRealm/server-identity=ssl:add(keystore-provider=PKCS11, keystore-password="NSS FIPS 140-2 Certificate DB")
      /subsystem=undertow/server=default-server/https-listener=https:add(socket-binding=https, security-realm=FIPSRealm, enabled-cipher-suites="DHE", enabled-protocols="TLSv1")
      

      2) NullPointerException occures during server start

      Show
      1) run this cli commands /core-service=management/security-realm=FIPSRealm:add /core-service=management/security-realm=FIPSRealm/server-identity=ssl:add(keystore-provider=PKCS11, keystore-password= "NSS FIPS 140-2 Certificate DB" ) /subsystem=undertow/server= default -server/https-listener=https:add(socket-binding=https, security-realm=FIPSRealm, enabled-cipher-suites= "DHE" , enabled-protocols= "TLSv1" ) 2) NullPointerException occures during server start

      User is unable to configure https using enabled-cipher-suites attribute

      [standalone@localhost:9990 /] /core-service=management/security-realm=FIPSRealm:add
      {"outcome" => "success"}
      [standalone@localhost:9990 /] /core-service=management/security-realm=FIPSRealm/server-identity=ssl:add(keystore-provider=PKCS11, keystore-password="NSS FIPS 140-2 Certificate DB")
      {
          "outcome" => "success",
          "response-headers" => {
              "operation-requires-reload" => true,
              "process-state" => "reload-required"
          }
      }
      [standalone@localhost:9990 /] /subsystem=undertow/server=default-server/https-listener=https:add(socket-binding=https, security-realm=FIPSRealm, enabled-cipher-suites="DHE", enabled-protocols="TLSv1")
      {
          "outcome" => "failed",
          "failure-description" => {"WFLYCTL0080: Failed services" => {"jboss.undertow.listener.https" => "org.jboss.msc.service.StartException in service jboss.undertow.listener.https: Failed to start service
          Caused by: java.lang.NullPointerException"}},
          "rolled-back" => true,
          "response-headers" => {"process-state" => "reload-required"}
      }
      
      14:52:20,753 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed to start service jboss.undertow.listener.https: org.jboss.msc.service.StartException in service jboss.undertow.listener.https: Failed to start service
      	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1904)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at java.lang.Thread.run(Thread.java:745)
      Caused by: java.lang.NullPointerException
      	at org.wildfly.extension.undertow.HttpsListenerService.startListening(HttpsListenerService.java:120)
      	at org.wildfly.extension.undertow.ListenerService.start(ListenerService.java:138)
      	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
      	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
      	... 3 more
      
      14:52:20,753 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 2) WFLYCTL0013: Operation ("add") failed - address: ([
          ("subsystem" => "undertow"),
          ("server" => "default-server"),
          ("https-listener" => "https")
      ]) - failure description: {"WFLYCTL0080: Failed services" => {"jboss.undertow.listener.https" => "org.jboss.msc.service.StartException in service jboss.undertow.listener.https: Failed to start service
          Caused by: java.lang.NullPointerException"}}
      

      This works OK. It means reload is used between commands

      /core-service=management/security-realm=FIPSRealm:add
      /core-service=management/security-realm=FIPSRealm/server-identity=ssl:add(keystore-provider=PKCS11, keystore-password="NSS FIPS 140-2 Certificate DB")
      reload
      /subsystem=undertow/server=default-server/https-listener=https:add(socket-binding=https, security-realm=FIPSRealm, enabled-cipher-suites="DHE", enabled-protocols="TLSv1")
      

      Also same commands without enabled-cipher-suites works OK

      /core-service=management/security-realm=FIPSRealm:add
      /core-service=management/security-realm=FIPSRealm/server-identity=ssl:add(keystore-provider=PKCS11, keystore-password="NSS FIPS 140-2 Certificate DB")
      /subsystem=undertow/server=default-server/https-listener=https:add(socket-binding=https, security-realm=FIPSRealm, enabled-protocols="TLSv1")
      

              sdouglas1@redhat.com Stuart Douglas (Inactive)
              mchoma@redhat.com Martin Choma
              Martin Choma Martin Choma
              Martin Choma Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: