1250323 – Not able to register KIE server if we use https protocol.

Bug 1250323 - Not able to register KIE server if we use https protocol.

Summary: Not able to register KIE server if we use https protocol.

Keywords:
Status:	CLOSED EOL
Alias:	None
Product:	JBoss BPMS Platform 6
Classification:	Retired
Component:	Kie-Server
Sub Component:
Version:	6.1.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	urgent
Target Milestone:	ER4
Target Release:	6.2.0
Assignee:	Edson Tirelli
QA Contact:	Jakub Schwan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1250338
TreeView+	depends on / blocked

Reported:	2015-08-05 07:26 UTC by Abhijit humbe
Modified:	2020-03-27 20:11 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	1250338 (view as bug list)
Environment:
Last Closed:	2020-03-27 20:11:10 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Description Abhijit humbe 2015-08-05 07:26:06 UTC

Description of problem:
We are not able to register KIE-server through business central console if we are accessing kie-server over https protocol. We can access kie-server REST API's(https://localhost:8443/kie-server/services/rest/server/)over https through browser but not able to register server.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Create https connector in standalone.xml file by adding following tag in 'web' subsystem
~~~
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
    <ssl name="https" key-alias="mykey" password="password" certificate-key-file="/path/to/keystore.jks"/>
</connector>
~~~
2.Start server instance, login into business central console and go to "Deploy"-->"Rule Deployments"
3.Try to register KIE-server using following URL:
~~~
https://localhost:8443/kie-server/services/rest/server/
~~~
4. It fails with exception "Can't connect to endpoint." 

Actual results:
Not able to register kie-server over https protocol.

Expected results:
Kie-server should be registered successfully over https protocol as well.

Additional info:

Comment 2 Maciej Swiderski 2015-09-09 13:48:32 UTC

this issue is most likely caused by ssl configuration on localhost. Here are steps that should be followed (and assume they were but just listing them for completeness)

- request or order certificate to be used on the server - referenced in description as keystone.jks
- collect actual certificate from the server and import into trust store of the jvm that your client is working on - one that workbench is running

with that you would be able to use it over https if you're running your servers on remote hosts for local host you will get an exception that localhost cannot be verified

to workaround that problem you would have to register custom HostNameVerifier that will accept the localhost as verified host.

I created PR for this to be included in kid-remote-common module that is waiting for review: https://github.com/droolsjbpm/droolsjbpm-integration/pull/186

in that PR you can find the way it can be registered, not that it can be registered statically as well so it would have been done only once.

Comment 3 Marco Rietveld 2015-09-23 15:01:59 UTC

Merged and cherry-picked: 

master:
https://github.com/droolsjbpm/droolsjbpm-integration/commit/6bcb887a

6.3.x: 
https://github.com/droolsjbpm/droolsjbpm-integration/commit/48522bc8

Comment 4 Alessandro Lazarotti 2015-10-05 22:31:26 UTC

by the maciej comment I think this should be properly documented to get the issue fully solved. Is that correct ?

Comment 5 Maciej Swiderski 2015-10-06 12:17:12 UTC

yes, it should be documented as how to configure ssl use for proper interaction between workbench and kie server

Comment 6 Jakub Schwan 2015-10-21 11:54:43 UTC

Verified in 6.2.0 ER4

Note You need to log in before you can comment on or make changes to this bug.