Bug 1250323 - Not able to register KIE server if we use https protocol.
Not able to register KIE server if we use https protocol.
Product: JBoss BPMS Platform 6
Classification: JBoss
Component: Kie-Server (Show other bugs)
Unspecified Unspecified
urgent Severity urgent
: ER4
: 6.2.0
Assigned To: Maciej Swiderski
Jakub Schwan
Depends On:
Blocks: 1250338
  Show dependency treegraph
Reported: 2015-08-05 03:26 EDT by Abhijit humbe
Modified: 2016-09-20 01:07 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1250338 (view as bug list)
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Abhijit humbe 2015-08-05 03:26:06 EDT
Description of problem:
We are not able to register KIE-server through business central console if we are accessing kie-server over https protocol. We can access kie-server REST API's(https://localhost:8443/kie-server/services/rest/server/)over https through browser but not able to register server.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Create https connector in standalone.xml file by adding following tag in 'web' subsystem
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
    <ssl name="https" key-alias="mykey" password="password" certificate-key-file="/path/to/keystore.jks"/>
2.Start server instance, login into business central console and go to "Deploy"-->"Rule Deployments"
3.Try to register KIE-server using following URL:
4. It fails with exception "Can't connect to endpoint." 

Actual results:
Not able to register kie-server over https protocol.

Expected results:
Kie-server should be registered successfully over https protocol as well.

Additional info:
Comment 2 Maciej Swiderski 2015-09-09 09:48:32 EDT
this issue is most likely caused by ssl configuration on localhost. Here are steps that should be followed (and assume they were but just listing them for completeness)

- request or order certificate to be used on the server - referenced in description as keystone.jks
- collect actual certificate from the server and import into trust store of the jvm that your client is working on - one that workbench is running

with that you would be able to use it over https if you're running your servers on remote hosts for local host you will get an exception that localhost cannot be verified

to workaround that problem you would have to register custom HostNameVerifier that will accept the localhost as verified host.

I created PR for this to be included in kid-remote-common module that is waiting for review: https://github.com/droolsjbpm/droolsjbpm-integration/pull/186

in that PR you can find the way it can be registered, not that it can be registered statically as well so it would have been done only once.
Comment 4 Alessandro Lazarotti 2015-10-05 18:31:26 EDT
by the maciej comment I think this should be properly documented to get the issue fully solved. Is that correct ?
Comment 5 Maciej Swiderski 2015-10-06 08:17:12 EDT
yes, it should be documented as how to configure ssl use for proper interaction between workbench and kie server
Comment 6 Jakub Schwan 2015-10-21 07:54:43 EDT
Verified in 6.2.0 ER4

Note You need to log in before you can comment on or make changes to this bug.