jbossjboss7.x

Securing JBoss admin console with SSL (HTTPS) not working

I'm running jboss-as-7.1.1.Final in a domain mode. When I applied the changes to host.xml and domain.xml, I received the following errors:

[Host Controller] Caused by: javax.xml.stream.XMLStreamException: ParseError at [row,col]:[25,17] [Host Controller] Message: JBAS014789: Unexpected element '{urn:jboss:domain:1.2}socket-binding' encountered

HOST.XML

<host name="master" xmlns="urn:jboss:domain:1.2">

    <management>
        <security-realms>
            <security-realm name="ManagementRealm">
                <server-identities>
                    <ssl protocol="TLS">
                        <keystore path="keystore" relative-to="jboss.server.config.dir" password="password"/>
                    </ssl>
                </server-identities>
                <authentication>
                    <properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
                </authentication>
            </security-realm>
            <security-realm name="ApplicationRealm">
                <authentication>
                    <properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
                </authentication>
            </security-realm>
        </security-realms>
        <management-interfaces>
            <native-interface security-realm="ManagementRealm">
                <socket-binding native="management-native"/> 
            </native-interface>
            <http-interface security-realm="ManagementRealm">
                <socket-binding http="management-console-https"/> 
            </http-interface>
        </management-interfaces>
    </management>

DOMAIN.XML

            <subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host">
                <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
                <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enable-lookups="false" secure="true">
                    <ssl password="password" certificate-key-file="$PATH/keystore" protocol="TLSv1" verify-client="false" certificate-file="$PATH/keystore"/>
                </connector>
                <virtual-server name="default-host" enable-welcome-root="true">
                    <alias name="localhost"/>
                    <alias name="example.com"/>
                </virtual-server>
            </subsystem>

    <socket-binding-groups>
        <socket-binding-group name="full-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
            <socket-binding name="management-native" interface="management" port="${jboss.management.native.port:9999}"/>
            <socket-binding name="management-console-https" interface="management" port="${jboss.management.console.https.port:9143}"/>
            <socket-binding name="ajp" port="8009"/>
            <socket-binding name="http" port="8080"/>
            <socket-binding name="https" port="8443"/>
Solution

  • Adding "secure-port" to the "http-interface" tag in host.xml worked for me:

    <socket interface="management" port="${jboss.management.http.port:9990}" secure-port="9143"/>

    domain.xml

    <socket-binding name="management-https" interface="management" port="9143"/>