Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-2333

Native management interface does not work with SSL/TLS based on Elytron SSL Context


    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Blocker Blocker
    • 3.0.0.Beta26
    • 3.0.0.Beta2
    • Security
    • None
    • Hide
      1. Add socket-binding-group: /socket-binding-group=standard-sockets/socket-binding=native:add(port=9999)
      2. Using the socket-binding-group, follow [1] or [2] to set management native-interface (instead of http-interface) backed by SSL Context from Elytron
      3. Run ./bin/jboss-cli.sh --controller=remote+https://localhost:9999 -c or ./bin/jboss-cli.sh --controller=https-remoting://localhost:9999 -c
      Add socket-binding-group : /socket-binding-group=standard-sockets/socket-binding=native:add(port=9999) Using the socket-binding-group , follow [1] or [2] to set management native-interface (instead of http-interface ) backed by SSL Context from Elytron Run ./bin/jboss-cli.sh --controller=remote+ https://localhost:9999 -c or ./bin/jboss-cli.sh --controller=https-remoting://localhost:9999 -c

      Following [1,2] to set management native-interface backed by SSL Context from Elytron, jboss-cli connection results in:

      Failed to connect to the controller: Unable to negotiate SSL connection with controller at localhost:9999

      Are there any configuration steps that needs to be performed for this configuration to work?

      [1] https://docs.jboss.org/author/display/WFLY/WildFly+Elytron+Security#WildFlyElytronSecurity-EnableOnewaySSL%2FTLSfortheManagementInterfacesUsingtheElytronSubsystem
      [2] https://docs.jboss.org/author/display/WFLY/WildFly+Elytron+Security#WildFlyElytronSecurity-EnableTwowaySSL%2FTLSfortheManagementInterfacesusingtheElytronSubsystem

            Unassigned Unassigned
            okotek@redhat.com Ondrej Kotek
            Ondrej Kotek Ondrej Kotek
            0 Vote for this issue
            2 Start watching this issue