Details
-
Bug
-
Resolution: Done
-
Major
-
None
-
None
-
None
Description
When configuring SSL/TLS for the management interfaces, you need to specify an (ssl-context or security-realm) and secure-socket-binding. When using ssl-context and secure-socket-binding, it fails with:
"WFLYCTL0380: Attribute 'security-realm' needs to be set or passed before attribute 'secure-socket-binding' can be correctly set"
failing operations:
batch
/subsystem=elytron/key-store=httpsKS:add(path=keystore.jks,relative-to=jboss.server.config.dir,credential-reference={clear-text=secret},type=JKS)
/subsystem=elytron/key-managers=httpsKM:add(key-store=httpsKS,algorithm="SunX509",credential-reference={clear-text=secret})
/subsystem=elytron/server-ssl-context=httpsSSC:add(key-managers=httpsKM,protocols=["TLSv1.1"])
/core-service=management/management-interface=http-interface:write-attribute(name=ssl-context, value=httpsSSC)
/core-service=management/management-interface=http-interface:write-attribute(name=secure-socket-binding, value=management-https)
run-batch
reload
Oddly, this will pass (specifying BOTH ssl-context and security-realm):
batch
/subsystem=elytron/key-store=httpsKS:add(path=keystore.jks,relative-to=jboss.server.config.dir,credential-reference={clear-text=secret},type=JKS)
/subsystem=elytron/key-managers=httpsKM:add(key-store=httpsKS,algorithm="SunX509",credential-reference={clear-text=secret})
/subsystem=elytron/server-ssl-context=httpsSSC:add(key-managers=httpsKM,protocols=["TLSv1.1"])
/core-service=management/management-interface=http-interface:write-attribute(name=ssl-context, value=httpsSSC)
/core-service=management/management-interface=http-interface:write-attribute(name=security-realm, value=ManagementDomain)
/core-service=management/management-interface=http-interface:write-attribute(name=secure-socket-binding, value=management-https)
run-batch
reload
Attachments
Issue Links
- is duplicated by
-
-
- Closed
-
- is incorporated by
-
-
- Verified
-
