[jboss-jira] [JBoss JIRA] (WFCORE-4585) Not working configured SSL using legacy security-realm in ManagementRealm on host.xml

Brian Stansberry (Jira) issues at jboss.org
Mon Jul 29 17:11:00 EDT 2019 

     [ https://issues.jboss.org/browse/WFCORE-4585?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Brian Stansberry updated WFCORE-4585:
-------------------------------------
    Workaround Description: 
In host.xml configure a 'secure-interface' and 'secure-port' on the management http interface

{code}<socket interface="localonly" secure-interface="management" port="${jboss.management.http.port:9990}" secure-port="${jboss.management.https.port:9993}"/>
{code}

Assuming you don't want to expose the HTTP port externally, create a separate interface that's bound to localhost. For example if you use 192.168.100.10 for your 'management' interface, in host.xml"

{code} 

     <interfaces>
        <interface name="localonly">
            <inet-address value="127.0.0.1"/>
        </interface>
        <interface name="management">
            <inet-address value="192.168.100.10"/>
        </interface>
{code}


> Not working configured SSL using legacy security-realm in ManagementRealm on host.xml  
> ---------------------------------------------------------------------------------------
>
>                 Key: WFCORE-4585
>                 URL: https://issues.jboss.org/browse/WFCORE-4585
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security
>         Environment: tried in Linux version RHEL 7.2
>            Reporter: Tarak A
>            Assignee: Jaikiran Pai
>            Priority: Major
>             Fix For: 10.0.0.Beta2
>
>
> Hi Team,
> We need your suggestion to fix SSL configuration issue in  legacy security-realm in ManagementRealm on host.xml, and it is causing not to start master node  with legacy  SSL settings in Wildfly 17.0.1 Final version. Below are the example setting we used to configure,same settings working in Wildfly 15.0.1. 
> SSL 
> <security-realm name="ManagementRealm">
>   <server-identities>
>     <ssl>
>       <keystore path="server.jks" relative-to="jboss.server.config.dir" keystore-password="keystore_password" alias="server" key-password="key_password" />
>     </ssl>
>   </server-identities>
>   <authentication>
>     <truststore path="server.jks" relative-to="jboss.server.config.dir" keystore-password="truststore_password" />
>     <local default-user="$local"/>
>     <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
>   </authentication>
> </security-realm>



--
This message was sent by Atlassian Jira
(v7.12.1#712002)

More information about the jboss-jira mailing list