  1. WildFly
  2. WFLY-2950

jboss-cli using https-remoting: command not executed if certificate is unrecognised


      With the management realm configured with an SSL server identity, and trying to run this from the command line to shut down WildFly:

      jboss-cli.bat --connect --controller=https-remoting://localhost:9993 --command=:shutdown

      This message appears:

      Unable to connect due to unrecognised server certificate
      Subject - ...
      Issuer - ...
      Valid From - Fri May 25 14:17:25 BST 2012
      Valid To - Sat Jun 25 00:00:00 BST 2022
      SHA1 : ...
      MD5 : ...

      Accept certificate? [N]o, [T]emporarily, [P]ermenantly :

      The :shutdown command is not issued after any of the options. (Using 'P' and running the command line again works.)

      (As a minor aside, [P]ermenantly is not spelt quite right; it should be [P]ermanently.)

      Omitting the --command= option causes the cli to start in input mode, and the :shutdown command can then be issued manually.

      (But this makes it harder to call from scripts.)


      When using the https management interface from jboss-cli, commands passed with a command line option (such as --command=:shutdown) are not executed if the server certificate is unrecognised - even if accepting the certificate [T]emporarily or [P]ermenantly.

      It appears to be due to the CommandContextImpl.handleSSLFailure() method, which calls error("Unable to connect..."). The error() method sets the exitCode to 1. So, when CliLauncher.processCommands() subsequently runs, it sees that the cmdCtx.exitCode is 1 and ignores any commands.

      I guess the handleSSLFailure needs to reset the exitCode to 0 if the user chooses [T] or [P].
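
A simplified model of the control flow described in this report, added here as an illustration: it is not WildFly source code and not the reporter's. Only the names exitCode, error(), handleSSLFailure() and processCommands() come from the report; the class, the method bodies and the resetOnAccept switch are assumptions. It also shows why a reset has to be limited to [T] and [P], so that a rejected certificate still leaves a non-zero exit code and the command unexecuted.

```java
// Simplified model (assumption): not WildFly source. Only the names exitCode,
// error(), handleSSLFailure() and processCommands() are taken from the report.
import java.util.ArrayList;
import java.util.List;

public class StickyExitCodeDemo {
    static class Ctx {
        int exitCode = 0;
        boolean connected = false;
        final boolean resetOnAccept;              // false models the reported behaviour
        final List<String> executed = new ArrayList<>();

        Ctx(boolean resetOnAccept) { this.resetOnAccept = resetOnAccept; }

        void error(String msg) {                  // every error marks the whole run as failed
            System.out.println(msg);
            exitCode = 1;
        }

        // choice is the answer to the "Accept certificate?" prompt: 'N', 'T' or 'P'
        void handleSSLFailure(char choice) {
            error("Unable to connect due to unrecognised server certificate");
            if (choice == 'T' || choice == 'P') {
                connected = true;                 // certificate accepted, connection proceeds
                if (resetOnAccept) exitCode = 0;  // the reset suggested in the report
            }                                     // 'N': stay disconnected, exitCode stays 1
        }

        void processCommands(List<String> commands) {
            for (String c : commands) {
                if (exitCode != 0) break;         // a stale failure skips every command
                if (connected) executed.add(c);
            }
        }
    }

    // Returns the commands that actually ran for a given prompt answer.
    static List<String> run(boolean resetOnAccept, char choice) {
        Ctx ctx = new Ctx(resetOnAccept);
        ctx.handleSSLFailure(choice);
        ctx.processCommands(List.of(":shutdown"));
        return ctx.executed;
    }

    public static void main(String[] args) {
        System.out.println("reported behaviour, answer T: " + run(false, 'T'));
        System.out.println("with reset,         answer T: " + run(true, 'T'));
        System.out.println("with reset,         answer N: " + run(true, 'N'));
    }
}
```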

              darran.lofthouse@redhat.com Darran Lofthouse
              darrenjones_jira Darren Jones (Inactive)