Document URL: https://access.redhat.com/documentation/en-us/red_hat_jboss_operations_network/3.3/html/admin_and_config/jboss_on_and_ssl-authentication Section Number and Name: Procedure 4.1. (Optional) Adding a new tomcat web connector Describe the issue: The example is not working with JON server, there are 2 issues: 1) JON server is not listening on 9999 port so the command fails 2) password and alias for default stores are not correct Suggestions for improvement: 1) all commands must contain --controller=127.0.0.1:6999 e.g.: jboss-cli.sh --controller=127.0.0.1:6999 --connect --command='/:reload' 2) alias should be RHQ, not sure about password -> asking developers Additional information:
> 2) alias should be RHQ, not sure about password -> asking developers Thanks Filip
Adding bz1028472 which is relevant for last step in the referenced chapter
Fixed steps should look like this: 1) jboss-cli.sh --controller=127.0.0.1:6999 --connect --command='/socket-binding-group=standard-sockets/socket-binding=httpsbrowser/:add(port=9443)' 2) jboss-cli.sh --controller=127.0.0.1:6999 --connect --command='/subsystem=web/connector=httpsbrowser/:add(socket-binding=httpsbrowser,scheme=https,protocol=HTTP/1.1,secure=true,enabled=true)' 3) jboss-cli.sh --controller=127.0.0.1:6999 --connect --command='/subsystem=web/connector=httpsbrowser/ssl=configuration:add(name=ssl,verify-client=false,key-alias=RHQ,password=${VAULT::restricted::rhq.server.tomcat.security.keystore.password::5fb458952ebdaa86aa0b4e8d3eac5d13},certificate-key-file=${jboss.server.config.dir}/rhq.keystore,certificate-file=${jboss.server.config.dir}/rhq.keystore' 4) jboss-cli.sh --controller=127.0.0.1:6999 --connect --command='/:reload'
I think the answer here is that JBoss ON server does not support the reload operation. Instead, step 4) should be "Restart the JBoss ON Server: `rhqctl restart --server` Perhaps one of the devs can confirm but I think our limitation here is that the JBoss ON components (EAR, WAR, EJBs) get deployed by some rhq-start module. Maybe its a straight forward fix to support the reload but I imagine if it were, rhq would already support it.
Updated config guide: Setting up Client Authentication Between Servers and Agents to include --controller=127.0.0.1:6999 and removing references to non-existent reload function. Git merge: https://gitlab.cee.redhat.com/red-hat-jboss-operations-network-documentation/doc-jon-docs/merge_requests/120 Preview: https://access.qa.redhat.com/documentation/en-us/red_hat_jboss_operations_network/3.3/html-single/admin_and_config/#JBoss_ON_and_SSL-Authentication Moving to QA
Updated procedure is live on the customer portal at: https://access.redhat.com/documentation/en-us/red_hat_jboss_operations_network/3.3/html-single/admin_and_config/#JBoss_ON_and_SSL-Authentication