Bug 1037837

Summary: Invalid commands in procedure in 2-way SSL for management interface/CLI
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Chris Dolphy <cdolphy>
Component: DocumentationAssignee: gsheldon
Status: CLOSED CURRENTRELEASE QA Contact: Russell Dickenson <rdickens>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.2.0CC: gsheldon, olukas
Target Milestone: GAKeywords: Documentation, EasyFix, Triaged
Target Release: EAP 6.3.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Build Name: 14876, Security Guide-6.2-1 Build Date: 18-10-2013 13:25:27 Topic ID: 22641-542817 [Latest]
Last Closed: 2014-06-28 15:28:18 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Chris Dolphy 2013-12-03 21:45:27 UTC 
Title: Using 2-way SSL for the Management interface and the CLI

Describe the issue:

Two issues in step #4 of the procedure.

1) This command is invalid:
/core-service=management/security-realm=CertificateRealm:add/server-identity=ssl:add(keystore-path=/path/to/HOST1.keystore.jks,keystore-password=secret, alias=HOST1_alias)

The first :add is a mistake and should be:
/core-service=management/security-realm=CertificateRealm/server-identity=ssl:add(keystore-path=/path/to/HOST1.keystore.jks,keystore-password=secret, alias=HOST1_alias)

2) It doesn't indicate that these command are only for standalone.  If you run these commands on a domain setup you are left with a server that won't start.

One needs to add /host=master before each command for a domain mode install.

Suggestions for improvement:

Be nice if it would give an example for 'point the interface to it:'

Additional information:
Comment 1 gsheldon 2014-02-17 04:27:13 UTC 
(In reply to Chris Dolphy from comment #0)
> Title: Using 2-way SSL for the Management interface and the CLI
> 
> Describe the issue:
> 
> Two issues in step #4 of the procedure.
> 
> 1) This command is invalid:
> /core-service=management/security-realm=CertificateRealm:add/server-
> identity=ssl:add(keystore-path=/path/to/HOST1.keystore.jks,keystore-
> password=secret, alias=HOST1_alias)
> 
> The first :add is a mistake and should be:
> /core-service=management/security-realm=CertificateRealm/server-identity=ssl:
> add(keystore-path=/path/to/HOST1.keystore.jks,keystore-password=secret,
> alias=HOST1_alias)

Corrected.

> 
> 2) It doesn't indicate that these command are only for standalone.  If you
> run these commands on a domain setup you are left with a server that won't
> start.
> 
> One needs to add /host=master before each command for a domain mode install.

Added the following Important note:

Important
  The provided commands apply to standalone mode only. For domain mode, add /host=master before each command. 
	

> 
> Suggestions for improvement:
> 
> Be nice if it would give an example for 'point the interface to it:'
> 
> Additional information:

Setting to Modified.
Comment 2 Scott Mumford 2014-02-26 05:14:51 UTC 
Moving to ON_QA.

The changes should be available for review on the documentation stage within an hour or so from this comment.

http://documentation-devel.engineering.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/
Comment 3 Scott Mumford 2014-02-26 05:16:17 UTC 
Moving to ON_QA.

The changes should be available for review on the documentation stage within an hour or so from this comment.

http://documentation-devel.engineering.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/
Comment 4 Ondrej Lukas 2014-02-26 14:26:58 UTC 
Verified on stage.