Bug 840403 (JON3-19, PRODMGT-454) - the plugin for JBoss EAP 6 / AS 7 needs to support SSL/TLS encryption and authentication
Summary: the plugin for JBoss EAP 6 / AS 7 needs to support SSL/TLS encryption and aut...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: JON3-19, PRODMGT-454
Product: JBoss Operations Network
Classification: JBoss
Component: Plugin -- JBoss EAP 6, Security
Version: JON 3.1.0
Hardware: All
OS: All
unspecified
high
Target Milestone: DR01
: JON 3.3.0
Assignee: Thomas Segismont
QA Contact: Filip Brychta
URL:
Whiteboard:
Depends On:
Blocks: 840404 1062552
TreeView+ depends on / blocked
 
Reported: 2012-07-16 09:23 UTC by Tom Fonteyne
Modified: 2018-12-09 16:49 UTC (History)
11 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 840404 1062552 (view as bug list)
Environment:
Last Closed: 2014-12-11 14:01:03 UTC
Type: Feature Request
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker PRODMGT-454 0 Major Closed The EAP 6 plug-in does not support a secure HTTP transport (SSL/HTTPS) 2018-04-17 11:50:18 UTC
Red Hat Knowledge Base (Solution) 315743 0 None None None Never

Comment 2 Charles Crouch 2012-08-14 16:06:46 UTC 
Targeting for consideration in JON320
Comment 3 Larry O'Leary 2013-06-26 12:50:40 UTC 
This BZ represents a request that the AS7 / EAP 6 managed plug-in needs to support SSL (HTTPS) along with client auth to handle cases in where the EAP HTTP management interface has been secured using SSL.
Comment 9 Thomas Segismont 2014-02-04 17:15:47 UTC 
Merged in master

commit a201914f7204e59fb40ce3eba2cbbea7accd728c
Author: Thomas Segismont <tsegismo>
Date:   Wed Jan 22 16:02:06 2014 +0100
Comment 10 Stian Lund 2014-03-21 10:10:01 UTC 
So basically, now AS7/EAP is SSL by default, and requires a lot more configuration on part of user.

I think there's a misunderstanding on the meaning of "needs to support" instead of "requires".
Comment 11 Thomas Segismont 2014-03-21 10:36:58 UTC 
(In reply to Stian Lund from comment #10)
> So basically, now AS7/EAP is SSL by default, and requires a lot more
> configuration on part of user.

Who said that?

> 
> I think there's a misunderstanding on the meaning of "needs to support"
> instead of "requires".

Unless I missed something, AS7Plugin now supports but does not require SSL protected servers.
Comment 12 Stian Lund 2014-03-21 11:52:54 UTC 
> Who said that?

Well, I said it :)

> Unless I missed something, AS7Plugin now supports but does not require SSL protected servers.

Well, the problem is, that when discovering new AS7 servers, it uses the management-https port by default, leading to us having to change the port to standard mangement-http manually and turn off encryption.

I made a question on the RHQ forums about the same, and asked if there was any setting to override this behaviour.

Stian
Comment 13 Thomas Segismont 2014-03-21 13:17:09 UTC 
(In reply to Stian Lund from comment #12)
> Well, the problem is, that when discovering new AS7 servers, it uses the
> management-https port by default, leading to us having to change the port to
> standard mangement-http manually and turn off encryption.
> 

AS7 plugin *chooses* https port if it is configured. It's a preference when both http and https port are accessible.
Comment 14 Stian Lund 2014-03-21 14:09:43 UTC 
> AS7 plugin *chooses* https port if it is configured. It's a preference when both http and https port are accessible.

Hmm... so any way to override this choice and only use http? Because otherwise we will need to change all our AS7 servers to not have management-https configured or do a lot of changes in RHQ.
Comment 15 Simeon Pinder 2014-07-31 15:51:54 UTC 
Moving to ON_QA as available to test with brew build of DR01: https://brewweb.devel.redhat.com//buildinfo?buildID=373993
Note You need to log in before you can comment on or make changes to this bug.