See: https://issues.jboss.org/browse/WFLY-1177 EAP/WildFly does not yet support attribute values like ${x:${y}/foo} We need this in two places - for the keystore attribute and for the truststore attribute (on the ssl configuration resource). We have workaround code in: org.rhq.enterprise.server.installer.ServerInstallUtil.setupWebConnectors that will recursively evaluate the values - but this means once the installer finishes, the user can't go in rhq-server.properties and change these values and have them take effect on restart: rhq.server.tomcat.security.keystore.file=${jboss.server.config.dir}/rhq.keystore rhq.server.tomcat.security.truststore.file=${jboss.server.config.dir}/rhq.truststore Instead, the user has to go into the jbossas/standalone/configuration/standalone-full.xml file and change the values directly. Once WFLY-1177 is fixed and we move away from supporting EAP 6.1.alpha, we can remove this code to allow users to be able to change those settings, restart the server and have it take effect without knowing they have to change standalone-full.xml. Here's the code that needs to change: 1) In org.rhq.enterprise.server.installer.ServerInstallUtil.setupWebConnectors: 1a) remove this comment obviously: // https://issues.jboss.org/browse/WFLY-1177 - we need to resolve the paths right now. the user won't be able // to change these again in the future unless they go directly into standalone.xml and change it manually 1b) do not store the resolved paths back into the configuration object, so remove these two lines: connector.getSslConfiguration().setCaCertificateFile(truststoreFileString); ... connector.getSslConfiguration().setCertificateKeyFile(keystoreFileString); I think that's all that needs to be done in this class. 2) In rhq-container.build.xml, just remove the comment: # [Due to issue https://issues.jboss.org/browse/WFLY-1177, you cannot change # rhq.server.tomcat.security.keystore.file or rhq.server.tomcat.security.truststore.file # after you install RHQ. If you need to change those again, you must manually do so in standalone-full.xml.]
don't forget to change: https://docs.jboss.org/author/display/RHQ/Securing+Communications First, remove the note about this issue. Second, this wiki page has a snippet of the rhq-server.properties including the comment: # [Due to issue https://issues.jboss.org/browse/WFLY-1177, you cannot change # rhq.server.tomcat.security.keystore.file or rhq.server.tomcat.security.truststore.file # after you install RHQ. If you need to change those again, you must manually do so in standalone-full.xml.] Remove both instances of that comment from the wiki page (its in there in two places).
There are actually three wiki pages that need to be touched once we remove the workaround code. There are yellow boxes about this issue on these three: https://docs.jboss.org/author/display/RHQ/Running+The+Installer https://docs.jboss.org/author/display/RHQ/Securing+Communications https://docs.jboss.org/author/display/RHQ/Startup+Properties remove the blurb about this issue from all three. The blurb reads something like this "Due to some limitations within the app server, there are two RHQ settings that will not take effect immediately upon restart if you change their values after the initial installation. These are settings for the web connector's keystore and truststore file locations (rhq.server.tomcat.security.keystore.file and rhq.server.tomcat.security.truststore.file). If you ever need to change those values after you've installed RHQ, you will need to change them in the app server's standalone/configuration/standalone-full.xml file in the <ssl> node of the https <connector>."