3.3. Troubleshooting SSL Problems

Make sure that both the agent and the server hostnames are resolvable to the hostnames in their server certificates.

Make sure that port number given for the server's secure port is actually the port number configured for the server. Check the Administration > High Availability > Servers page and verify that the public endpoint address and port are correct. Edit the server definition in the UI so they are the same as the SSL configuration.

If these values do not match the same values configured for the SSL connection, the agent will not be able to talk to the server.

Make sure that both the agent and the server hostnames are resolvable to the hostnames in their server certificates.

Make sure that every certificate that is used for agent-server communication is stored in the requisite keystores with the proper aliases.

Check that the password is properly set to access the keystore.

Make sure that the communication is set to use TLS.

Validate the server and agent configuration, especially the assigned transport (socket or servlet) options. There are examples of configuration in Section 3.3.3, “Example SSL Configuration”.

If client authentication is required and the server is using the sslservlet transport option, make sure that every user who connects to the JBoss ON UI has an installed user certificate so that they can connect to the server UI using client authentication. As with the agent certificate, the user certificates must be stored in the server's keystore, Section 3.2, “Setting up Client Authentication Between Servers and Agents”.

If users are unable to connect using client authentication, then change the server to use sslsocket instead of sslservlet.