How to avoid manual interaction of accepting certificate while using CLI API?

Solution Unverified - Updated -

Issue

  • While trying to connect to a remote jboss instance programatically which is ssl protected using the default localuser setup which comes by default with jboss for cli.

  • The SSL Certificate in the "ManagementRealm"is configured as following:

    <management>
        <security-realms>
            <security-realm name="ManagementRealm">
                <server-identities>
                    <ssl>
                        <keystore path="jbossweb.keystore" relative-to="jboss.server.config.dir" password="jbossweb"/>
                    </ssl>
                </server-identities>
                <authentication>
                    <local default-user="$local"/>
                    <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
                </authentication>
                <authorization map-groups-to-roles="false">
                    <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
                </authorization>
            </security-realm>
            .
            .
    </management>
  • It seems to connect but shows a ssl message to prompting to accept the certificate.
  • How do
    • 1) Accept the certificate programitically in the code.[OR]
    • 2) Run this in the interactive mode and accept certificate.
       ctx = org.jboss.as.cli.CommandContextFactory.getInstance().newCommandContext(credentials.getUsername(), credentials.getPassword().toCharArray());
       ctx.connectController(credentials.getHost(),credentials.getPort());
  • While shutting down windows service, which does a shutdown via CLI, log shows Unable to connect due to unrecognised server certificate with Accept certificate? [N]o, [T]emporarily, [P]ermenantly options. How do I permanently import the certificate for the system account user ?
  • While running some CLI scripts, we see the generated CLI processes hanging in calls like the following:
"Remoting "cli-client" I/O-1" #11 daemon prio=5 os_prio=0 tid=0x00007fa4e45f6800 nid=0x4a58 waiting on condition [0x00007fa4d1e34000]
   java.lang.Thread.State: WAITING (parking)
        at sun.misc.Unsafe.park(Native Method)
        - parking to wait for  <0x00000000eca42550> (a java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject)
        at java.util.concurrent.locks.LockSupport.park(LockSupport.java:175)
        at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.await(AbstractQueuedSynchronizer.java:2039)
        at java.util.concurrent.ArrayBlockingQueue.take(ArrayBlockingQueue.java:403)
        at org.jboss.aesh.console.Console.getInput(Console.java:501)
        at org.jboss.aesh.console.Console.getInputLine(Console.java:545)
        at org.jboss.as.cli.impl.Console$Factory$1.read(Console.java:231)
        at org.jboss.as.cli.impl.Console$Factory$1.readLine(Console.java:202)
        at org.jboss.as.cli.impl.CommandContextImpl.readLine(CommandContextImpl.java:899)
        at org.jboss.as.cli.impl.CommandContextImpl.handleSSLFailure(CommandContextImpl.java:1121)

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 6.x
    • 7.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content