Add Domain Controller Public Key to CLI Truststore: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
No edit summary
Line 13: Line 13:
=Overview=
=Overview=


The management interface may be protected by configuring it to require all management traffic to go over SSL/TLS. This adds an additional layer of security by preventing management traffic to travel in clear over the network. These are various procedures to enable SSL/TLS on the management interfaces: [[WildFly_Management_API_Configuration#Enabling_SSL.2FTSL_for_the_Management_Interfaces|Enabling SSL/TLS for Management Interfaces]].
The management interface may be protected by configuring it to require all management traffic to go over SSL/TLS. This adds an additional layer of security by preventing management traffic to travel in clear over the network. SSL/TLS enablement on management interfaces is described here: [[WildFly_Management_API_Configuration#Enabling_SSL.2FTSL_for_the_Management_Interfaces|Enabling SSL/TLS for Management Interfaces]].


However, when the management interface is protected by SSL/TLS, but without additional configuration on CLI client side, the CLI does not recognizes by default the server certificate and challenges the user to manually accept the certificate:
However, when the management interface is protected by SSL/TLS, but without additional configuration on CLI client side, the CLI does not recognizes by default the server certificate and challenges the user to manually accept the certificate:

Revision as of 22:37, 20 March 2017

External

Internal

Relevance

EAP 7

Overview

The management interface may be protected by configuring it to require all management traffic to go over SSL/TLS. This adds an additional layer of security by preventing management traffic to travel in clear over the network. SSL/TLS enablement on management interfaces is described here: Enabling SSL/TLS for Management Interfaces.

However, when the management interface is protected by SSL/TLS, but without additional configuration on CLI client side, the CLI does not recognizes by default the server certificate and challenges the user to manually accept the certificate:

TODO: try non-local auth and see if this works without manual challenge.

TODO: Mention if this only happens for local authentication. 



Retrieved from "https://kb.novaordis.com/index.php?title=Add_Domain_Controller_Public_Key_to_CLI_Truststore&oldid=18575"