5 Replies Latest reply: Mar 28, 2012 5:03 AM by karin k

enabling ssl for the communication between master and slave host controller

karin k Newbie

Hi everybody

 

This question is related to JBoss 7.1.1.

I would like to enable SSL between master and slave host controller.

This is my config:

host.xml of the master

<security-realm name="ManagementRealmNative">
    <server-identities>
        <ssl>
            <keystore path="master-jboss.jks" relative-to="jboss.domain.config.dir" password="12345"/>
        </ssl>
    </server-identities>
    <authentication>
        <truststore path="trusted.jks" relative-to="jboss.domain.config.dir" password="12345"/>
        <properties path="mgmt-users-native.properties" relative-to="jboss.domain.config.dir"/>
    </authentication>
</security-realm>
...
<management-interfaces>
    <native-interface security-realm="ManagementRealmNative">
        <socket interface="management" port="9999"/>
    </native-interface>
...
<domain-controller>
    <local/>
</domain-controller>

 

host.xml of the slave

<security-realm name="ManagementRealmNative">
    <server-identities>
        <ssl>
            <keystore path="jboss-slave.jks" relative-to="jboss.domain.config.dir" password="12345"/>
        </ssl>
    </server-identities>
    <authentication>
        <truststore path="trusted_devmod.jks" relative-to="jboss.domain.config.dir" password="12345"/>
    </authentication>
</security-realm>
....
<management-interfaces>
    <native-interface security-realm="ManagementRealmNative">
        <socket interface="management" port="19999"/>
    </native-interface>
..
<domain-controller>
    <remote host="myip" port="${jboss.domain.master.port:9999}" security-realm="ManagementRealmNative"/>
</domain-controller>

 

Actually it seems to work (with SSL). I have not debugged it, but when using a slave host-controller without SSL enabled I got an error on the master host-controller claiming: Remote connection failed: javax.net.ssl.SSLHandshakeException: no cipher suites in common

Can you please verify whether my configuration makes sense from your point of view?

In the next step I was trying to access the master host controller using jboss-cli.bat locally on the same machine.

This failed with the following error message on the master host controller side:

[org.jboss.remoting.remote.connection] (Remoting "master:MANAGEMENT" read-1) JBREM000200: Remote connection failed: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown

 

Reading this wiki text

https://community.jboss.org/wiki/AS710Beta1-SecurityEnabledByDefault

I thought that local clients will be handled from a security point of view in a different way (using a one time token generated by the server).

Is this a bug at the moment, or did I misinterpret the wiki, or is my config not correct?

 

Thanks for your help

Karin
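
A small audit of the realm layout posted above, as an added example that is not part of the original post or of JBoss itself: it reports, per security realm, whether a keystore and a truststore are configured, whether their passwords sit in the file as literals, and whether every `security-realm="..."` reference points at a defined realm. The sample XML is constructed from the slave fragments, the `<host>` wrapper and the names `audit` and `local` are assumptions, and treating any password not written as a `${...}` expression as a literal is a heuristic of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the slave fragments from the post, wrapped in a <host>
# root so they parse (a real host.xml also carries an xmlns and more elements).
SLAVE_XML = """<host>
  <security-realm name="ManagementRealmNative">
    <server-identities><ssl>
      <keystore path="jboss-slave.jks" relative-to="jboss.domain.config.dir" password="12345"/>
    </ssl></server-identities>
    <authentication>
      <truststore path="trusted_devmod.jks" relative-to="jboss.domain.config.dir" password="12345"/>
    </authentication>
  </security-realm>
  <native-interface security-realm="ManagementRealmNative"/>
  <domain-controller>
    <remote host="myip" port="${jboss.domain.master.port:9999}" security-realm="ManagementRealmNative"/>
  </domain-controller>
</host>"""

def local(tag):
    """Drop an XML namespace prefix such as {urn:jboss:domain:1.2}."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return a list of findings about the SSL material of each security realm."""
    root = ET.fromstring(xml_text)
    findings, realms = [], set()
    for realm in (e for e in root.iter() if local(e.tag) == "security-realm"):
        name = realm.get("name")
        realms.add(name)
        stores = {local(e.tag): e for e in realm.iter()
                  if local(e.tag) in ("keystore", "truststore")}
        for kind in ("keystore", "truststore"):
            if kind not in stores:
                findings.append(f"realm {name}: no {kind} configured")
            elif not stores[kind].get("password", "").startswith("${"):
                findings.append(f"realm {name}: {kind} password is a literal")
    # Every security-realm="..." reference must point at a defined realm.
    for e in root.iter():
        ref = e.get("security-realm")
        if ref is not None and ref not in realms:
            findings.append(f"{local(e.tag)}: realm {ref} is not defined")
    return findings

if __name__ == "__main__":
    for finding in audit(SLAVE_XML):
        print(finding)
```
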