Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-9152

Native management interface does not work with SSL/TLS based on Elytron SSL Context

XMLWordPrintable

    • Hide
      1. Add socket-binding-group: /socket-binding-group=standard-sockets/socket-binding=native:add(port=9999)
      2. Using the socket-binding-group, follow [1] or [2] to set management native-interface (instead of http-interface) backed by SSL Context from Elytron
      3. Run ./bin/jboss-cli.sh --controller=remote+https://localhost:9999 -c or ./bin/jboss-cli.sh --controller=https-remoting://localhost:9999 -c
      Show
      Add socket-binding-group : /socket-binding-group=standard-sockets/socket-binding=native:add(port=9999) Using the socket-binding-group , follow [1] or [2] to set management native-interface (instead of http-interface ) backed by SSL Context from Elytron Run ./bin/jboss-cli.sh --controller=remote+ https://localhost:9999 -c or ./bin/jboss-cli.sh --controller=https-remoting://localhost:9999 -c

      Following [1,2] to set management native-interface backed by SSL Context from Elytron, jboss-cli connection results in:

      Failed to connect to the controller: Unable to negotiate SSL connection with controller at localhost:9999

      Are there any configuration steps that needs to be performed for this configuration to work?

      [1] https://docs.jboss.org/author/display/WFLY/WildFly+Elytron+Security#WildFlyElytronSecurity-EnableOnewaySSL%2FTLSfortheManagementInterfacesUsingtheElytronSubsystem
      [2] https://docs.jboss.org/author/display/WFLY/WildFly+Elytron+Security#WildFlyElytronSecurity-EnableTwowaySSL%2FTLSfortheManagementInterfacesusingtheElytronSubsystem

              darran.lofthouse@redhat.com Darran Lofthouse
              okotek@redhat.com Ondrej Kotek
              Ondrej Kotek Ondrej Kotek
              Ondrej Kotek Ondrej Kotek
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: