Petr Mates [https://community.jboss.org/people/mates1234] created the discussion "Re: Remoting-connector with SSL" To view the discussion, visit: https://community.jboss.org/message/720164#720164 -------------------------------------------------------------- That is it. Thanks remote.connection.x1.connect.options.org.xnio.Options.SSL_STARTTLS=true solve the problem. -------------------------------------------------------------- Reply to this message by going to Community [https://community.jboss.org/message/720164#720164] Start a new discussion in JBoss AS 7 Development at Community [https://community.jboss.org/choose-container!input.jspa?contentType=1&...]

mrusinak [https://community.jboss.org/people/mrusinak] created the discussion "Re: Remoting-connector with SSL" To view the discussion, visit: https://community.jboss.org/message/738597#738597 -------------------------------------------------------------- Hello, I have a followup question. Is there any way to make the client ignore the server's certificate? We want to use SSL for encryption on remote EJB queries, but do not have control over the JVM the client runs to set the JVM level truststore / certificates to trust. Using: remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=true remote.connections = x1 remote.connection.x1.host       = 127.0.0.1 remote.connection.x1.port       = 9112 remote.connection.x1.username   = admin remote.connection.x1.password   = admin remote.connection.x1.connect.options.org.xnio.Options.SSL_STARTTLS=true remote.connection.x1.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=true remote.connection.x1.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=true remote.connection.x1.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER On running my client (which just tries to initiate a connection), I get an error on client during EJB reciever registration: INFO [main] (EndpointImpl.java:70) - JBoss Remoting version 3.2.3.GA ERROR [Remoting "config-based-ejb-client-endpoint" read-1] (RemoteConnection.java:99) - JBREM000200: Remote connection failed: java.io.IOException: JBREM000202: Abrupt close on Remoting connection 76933bcb to computer/127.0.0.1:9112 WARN [main] (ConfigBasedEJBClientContextSelector.java:133) - Could not register a EJB receiver for connection to remote://127.0.0.1:9112 java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: General SSLEngine problem With this jboss-side error: ERROR [org.jboss.remoting.remote.connection] (Remoting "computer" read-1) JBREM000200: Remote connection failed: javax.net.ssl.SSLException: Fatal Alert received: Certificate Unknown Thanks for any help! -------------------------------------------------------------- Reply to this message by going to Community [https://community.jboss.org/message/738597#738597] Start a new discussion in JBoss AS 7 Development at Community [https://community.jboss.org/choose-container!input.jspa?contentType=1&...]

mrusinak [https://community.jboss.org/people/mrusinak] created the discussion "Re: Remoting-connector with SSL" To view the discussion, visit: https://community.jboss.org/message/738777#738777 -------------------------------------------------------------- Sorry, what I meant when I said JVM-level was exactly what you typed - the client is more or less a plugin to running framework, so it isn't started in its own command windows / environment. And while I can certainly access/change those via System, that affects every other "plugin" as well. I do realize not validating the certificate can lead to man-in-the-middle, but since we currently do not use SSL at all we have other means of validating who we are talking to. This is just a first step to get encrypted traffic. If we can't allow the client to ignore the certificate, then is there a way to be able to pass in our certificate to the properties used for .lookup()? -------------------------------------------------------------- Reply to this message by going to Community [https://community.jboss.org/message/738777#738777] Start a new discussion in JBoss AS 7 Development at Community [https://community.jboss.org/choose-container!input.jspa?contentType=1&...]