Description of problem:
We are not able to register KIE-server through the Business Central console if we are accessing kie-server over the https protocol. We can access the kie-server REST APIs (https://localhost:8443/kie-server/services/rest/server/) over https through a browser, but we are not able to register the server.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Create an https connector in the standalone.xml file by adding the following tag in the 'web' subsystem:
~~~
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
    <ssl name="https" key-alias="mykey" password="password" certificate-key-file="/path/to/keystore.jks"/>
</connector>
~~~
2. Start the server instance, log in to the Business Central console and go to "Deploy"-->"Rule Deployments".
3. Try to register KIE-server using the following URL:
~~~
https://localhost:8443/kie-server/services/rest/server/
~~~
4. It fails with the exception "Can't connect to endpoint."

Actual results:
Not able to register kie-server over the https protocol.

Expected results:
Kie-server should be registered successfully over the https protocol as well.

Additional info:
This issue is most likely caused by SSL configuration on localhost. Here are the steps that should be followed (I assume they were, but am just listing them for completeness):
- request or order a certificate to be used on the server - referenced in the description as keystore.jks
- collect the actual certificate from the server and import it into the trust store of the JVM that your client is working on - the one that the workbench is running with

With that you would be able to use it over https if you're running your servers on remote hosts. For localhost you will get an exception that localhost cannot be verified. To work around that problem you would have to register a custom HostNameVerifier that will accept localhost as a verified host.

I created a PR for this to be included in the kie-remote-common module that is waiting for review:
https://github.com/droolsjbpm/droolsjbpm-integration/pull/186
In that PR you can find the way it can be registered. Note that it can be registered statically as well, so it would be done only once.
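Added example, not part of the original comment and not the code from the PR: one way to register a host name verifier statically with the standard JDK `HttpsURLConnection` API, assuming the client connects through `HttpsURLConnection`. The class name `LocalhostHostnameVerifier` is hypothetical; it accepts a name mismatch for `localhost` only and leaves certificate chain validation against the trust store untouched, so the server certificate still has to be imported as described in the steps above.

```java
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;

// Hypothetical class, written for this example; not the verifier from the PR.
public final class LocalhostHostnameVerifier implements HostnameVerifier {

    // Verifier consulted for every host name other than "localhost".
    private final HostnameVerifier fallback;

    public LocalhostHostnameVerifier(HostnameVerifier fallback) {
        this.fallback = fallback;
    }

    // HttpsURLConnection calls this only after its built-in check has found
    // that the URL host name does not match the server certificate.
    @Override
    public boolean verify(String hostname, SSLSession session) {
        if ("localhost".equalsIgnoreCase(hostname)) {
            return true; // accept the mismatch for localhost only
        }
        return fallback.verify(hostname, session); // unchanged for other hosts
    }

    // Static, JVM-wide registration: call once at startup.
    public static void install() {
        HostnameVerifier current = HttpsURLConnection.getDefaultHostnameVerifier();
        if (!(current instanceof LocalhostHostnameVerifier)) {
            HttpsURLConnection.setDefaultHostnameVerifier(new LocalhostHostnameVerifier(current));
        }
    }

    public static void main(String[] args) {
        install();
        HostnameVerifier v = HttpsURLConnection.getDefaultHostnameVerifier();
        // Constructed host names; the session is not inspected for these calls.
        System.out.println("localhost        -> " + v.verify("localhost", null));
        System.out.println("kie.example.test -> " + v.verify("kie.example.test", null));
    }
}
```

Because the fallback is the JDK default verifier, which rejects every mismatch, hosts other than `localhost` still need a certificate whose name matches the URL.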
Merged and cherry-picked:
master: https://github.com/droolsjbpm/droolsjbpm-integration/commit/6bcb887a
6.3.x: https://github.com/droolsjbpm/droolsjbpm-integration/commit/48522bc8
By Maciej's comment, I think this should be properly documented to get the issue fully solved. Is that correct?
Yes, it should be documented as how to configure SSL use for proper interaction between workbench and kie server.
Verified in 6.2.0 ER4