Re: [keycloak-dev] jboss-cli access to SSL/secured mgmt port FAILs for keycloak8/wildfly17 configured with Eltyron SSL subsystem & 2-way SSL auth for MgmtUI ?
As usual, dig around in enuf random places ...
What additional elytron (other?) subsystem command 'magic' is
needed to get the jboss-cli WF client working on the secured SSL port?
adding all the correct '-Djavax.net.ssl.*' values, AND specifically using
--controller=remote+https://...
does the trick.
this, now,
jboss-cli.sh \
--connect \
--controller=remote+https://10.0.0.1:9993 \
-Djavax.net.ssl.trustStore=/etc/keycloak/truststore.client.jks \
-Djavax.net.ssl.trustStorePassword=tspass \
-Djavax.net.ssl.keyStore=/etc/keycloak/keystore.client.jks \
-Djavax.net.ssl.keyStorePassword=kspass \
--properties=/etc/keycloak/jboss.properties \
--user=mgmtuser \
--password=mgmtpass \
version
works