Secure management interface with HTTPS/TLS in JBoss EAP 7.1+ with Elytron

Solution Verified

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 7.1+
    • 8.x
  • Elytron security
  • Hypertext Transfer Protocol Secure (HTTPS)
  • Transport Layer Security (TLS)
  • JBoss Command-Line interface (CLI), http-remoting connector, or management interface connections

Issue

  • Enable one-way SSL/TLS for the management interface

Resolution

  1. Obtain or generate the keystore:

    keytool -genkeypair -alias localhost -keyalg RSA -keysize 2048 -validity 365 -keystore keystore.jks -dname "CN=localhost" -keypass secret -storepass secret
    
  2. Copy the keystore.jks file to $EAP_HOME/domain/configuration when using domain mode or $EAP_HOME/standalone/configuration when using standalone mode.

  3. Create a key-store, key-manager, and server-ssl-context:

    • Standalone mode:

      /subsystem=elytron/key-store=httpsKS:add(path=keystore.jks,relative-to=jboss.server.config.dir,credential-reference={clear-text=secret},type=JKS)
      
      /subsystem=elytron/key-manager=httpsKM:add(key-store=httpsKS,algorithm="SunX509",credential-reference={clear-text=secret})
      
      /subsystem=elytron/server-ssl-context=httpsSSC:add(key-manager=httpsKM,protocols=["TLSv1.2"])
      
    • Domain mode:

      /host=master/subsystem=elytron/key-store=httpsKS:add(path=keystore.jks,relative-to=jboss.domain.config.dir,credential-reference={clear-text=secret},type=JKS)
      
      /host=master/subsystem=elytron/key-manager=httpsKM:add(key-store=httpsKS,algorithm="SunX509",credential-reference={clear-text=secret})
      
      /host=master/subsystem=elytron/server-ssl-context=httpsSSC:add(key-manager=httpsKM,protocols=["TLSv1.2"])
      
  4. Configure the management console to use the ssl-context:

    • Standalone mode:

      /core-service=management/management-interface=http-interface:write-attribute(name=ssl-context, value=httpsSSC)
      
    • Domain mode:

      /host=master/core-service=management/management-interface=http-interface:write-attribute(name=ssl-context, value=httpsSSC)
      
  5. Configure the management interface to use a secure interface and port:

    • Standalone mode:

      /core-service=management/management-interface=http-interface:write-attribute(name=secure-socket-binding, value=management-https)
      
    • Domain mode:

      /host=master/core-service=management/management-interface=http-interface:write-attribute(name=secure-interface, value=management)
      
      /host=master/core-service=management/management-interface=http-interface:write-attribute(name=secure-port, value=9443)
      
  6. Reload the JBoss EAP instance:

    • Standalone mode:

      reload
      
    • Domain mode:

      /host=master:reload
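
After the reload, the handshake on the management HTTPS port can be checked with openssl s_client. The script below is an added example, not part of the original article: it audits that output for the negotiated protocol (the protocols list set on the server-ssl-context) and the server key size. The function names, the 2048-bit minimum and the embedded sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.

# Live capture from a running instance (host and port are arguments).
fetch_handshake() {
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null
}

# Audit s_client output read from stdin.
# $1 = allowed protocols, space separated (default: TLSv1.2, as in step 3).
# Prints one finding per line; returns non-zero if any check fails.
audit_handshake() {
    ah_allowed=${1:-TLSv1.2}
    ah_out=$(cat)
    ah_rc=0
    ah_proto=$(printf '%s\n' "$ah_out" | awk -F', ' '/^New, /{print $2; exit}')
    ah_bits=$(printf '%s\n' "$ah_out" | awk '/^Server public key is /{print $5; exit}')
    ah_subj=$(printf '%s\n' "$ah_out" | sed -n 's/^subject=//p' | head -n 1)

    case " $ah_allowed " in
        *" $ah_proto "*) echo "OK   protocol $ah_proto" ;;
        *) echo "FAIL protocol '${ah_proto:-none}' not in: $ah_allowed"; ah_rc=1 ;;
    esac
    case "$ah_bits" in
        ''|*[!0-9]*) echo "FAIL server key size not reported"; ah_rc=1 ;;
        *) if [ "$ah_bits" -ge 2048 ]; then
               echo "OK   key size $ah_bits bit"
           else
               echo "FAIL key size $ah_bits bit is below the assumed 2048 minimum"
               ah_rc=1
           fi ;;
    esac
    echo "INFO subject ${ah_subj:-unknown}"
    return "$ah_rc"
}

# Constructed sample of s_client output (trimmed to the lines the audit reads).
SAMPLE_OK='subject=CN = localhost
issuer=CN = localhost
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit'

printf '%s\n' "$SAMPLE_OK" | audit_handshake "TLSv1.2"
# Against a live server: fetch_handshake localhost 9443 | audit_handshake "TLSv1.2"
```

For standalone mode, pass the port of the management-https socket binding instead of 9443.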
      

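This solution is part of Red Hat's Fast-Track Publication Program, which provides a large library of knowledge content that Red Hat engineers have created while supporting customers. To give you the knowledge you need as soon as it becomes available, these articles may be presented in a raw and unedited form.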
