Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1250323

Summary: Not able to register KIE server if we use https protocol.
Product: [Retired] JBoss BPMS Platform 6 Reporter: Abhijit humbe <abhumbe>
Component: Kie-ServerAssignee: Edson Tirelli <etirelli>
Status: CLOSED EOL QA Contact: Jakub Schwan <jschwan>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 6.1.0CC: alazarot, jschwan, kverlaen, manstis, smcgowan, trikkola
Target Milestone: ER4   
Target Release: 6.2.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1250338 (view as bug list) Environment:
Last Closed: 2020-03-27 20:11:10 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1250338    

Description Abhijit humbe 2015-08-05 07:26:06 UTC 
Description of problem:
We are not able to register KIE-server through business central console if we are accessing kie-server over https protocol. We can access kie-server REST API's(https://localhost:8443/kie-server/services/rest/server/)over https through browser but not able to register server.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Create https connector in standalone.xml file by adding following tag in 'web' subsystem
~~~
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
    <ssl name="https" key-alias="mykey" password="password" certificate-key-file="/path/to/keystore.jks"/>
</connector>
~~~
2.Start server instance, login into business central console and go to "Deploy"-->"Rule Deployments"
3.Try to register KIE-server using following URL:
~~~
https://localhost:8443/kie-server/services/rest/server/
~~~
4. It fails with exception "Can't connect to endpoint." 

Actual results:
Not able to register kie-server over https protocol.

Expected results:
Kie-server should be registered successfully over https protocol as well.

Additional info:
Comment 2 Maciej Swiderski 2015-09-09 13:48:32 UTC 
this issue is most likely caused by ssl configuration on localhost. Here are steps that should be followed (and assume they were but just listing them for completeness)

- request or order certificate to be used on the server - referenced in description as keystone.jks
- collect actual certificate from the server and import into trust store of the jvm that your client is working on - one that workbench is running

with that you would be able to use it over https if you're running your servers on remote hosts for local host you will get an exception that localhost cannot be verified

to workaround that problem you would have to register custom HostNameVerifier that will accept the localhost as verified host.

I created PR for this to be included in kid-remote-common module that is waiting for review: https://github.com/droolsjbpm/droolsjbpm-integration/pull/186

in that PR you can find the way it can be registered, not that it can be registered statically as well so it would have been done only once.
Comment 3 Marco Rietveld 2015-09-23 15:01:59 UTC 
Merged and cherry-picked: 

master:
https://github.com/droolsjbpm/droolsjbpm-integration/commit/6bcb887a

6.3.x: 
https://github.com/droolsjbpm/droolsjbpm-integration/commit/48522bc8
Comment 4 Alessandro Lazarotti 2015-10-05 22:31:26 UTC 
by the maciej comment I think this should be properly documented to get the issue fully solved. Is that correct ?
Comment 5 Maciej Swiderski 2015-10-06 12:17:12 UTC 
yes, it should be documented as how to configure ssl use for proper interaction between workbench and kie server
Comment 6 Jakub Schwan 2015-10-21 11:54:43 UTC 
Verified in 6.2.0 ER4