Posted to gitbox@activemq.apache.org by GitBox <gi...@apache.org> on 2021/09/24 12:45:56 UTC

[GitHub] [activemq-artemis] pwright commented on a change in pull request #3772: NO-JIRA clarify console access using certs

pwright commented on a change in pull request #3772:
URL: https://github.com/apache/activemq-artemis/pull/3772#discussion_r715579651



##########
File path: docs/user-manual/en/security.md
##########
@@ -1323,6 +1323,32 @@ extra properties described as below.
 
 - `trustStorePassword` - The trust store's password.
 
+### Config access using client certificates
+The web console supports the authentication with client certificates, see the following steps:  
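Review bot: The new heading `### Config access using client certificates` is ambiguous, because the paragraph under it is about authenticating to the web console rather than accessing configuration; something like `### Web console access using client certificates` would match the sentence that follows. The heading is also followed directly by the paragraph with no blank line, and the sentence ends in two trailing spaces, which Markdown renders as a hard line break before the list; add the blank line and drop the trailing spaces.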

Review comment:
       ```suggestion
   The web console supports authentication with client certificates, see the following steps:  
   ```

##########
File path: docs/user-manual/en/security.md
##########
@@ -1323,6 +1323,32 @@ extra properties described as below.
 
 - `trustStorePassword` - The trust store's password.
 
+### Config access using client certificates
+The web console supports the authentication with client certificates, see the following steps:  
+- Add the [certificate login module](#certificateloginmodule) to the `login.config` file, i.e.
+```
+activemq-cert {
+   org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule required
+       debug=true
+       org.apache.activemq.jaas.textfiledn.user="cert-users.properties"
+       org.apache.activemq.jaas.textfiledn.role="cert-roles.properties";
+};
+```
+- Change the hawtio realm to match the realm defined in the `login.config` file
+for the [certificate login module](#certificateloginmodule). This is configured in the `artemis.profile` via the system property `-Dhawtio.role=activemq-cert`.
+- Enable secure access using HTTPS protocol with the client authentication:
+```xml
+<web bind="https://localhost:8443"
+    path="web"
+    keyStorePath="${artemis.instance}/etc/keystore.jks"
+    keyStorePassword="password"
+    clientAuth="true"
+    trustStorePath="${artemis.instance}/etc/truststore.jks"
+    trustStorePassword="password">
+    <app url="jolokia" war="jolokia-war-1.3.5.war"/>
+</web>
+```
+
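Review bot: The `<web>` example turns on `clientAuth="true"` and points at `truststore.jks`, but none of the steps says what has to be in that trust store or in `cert-users.properties` for a given client certificate to be accepted. Add a step stating that the trust store must contain the certificate (or issuing CA) of each client allowed to connect, and that the certificate's subject DN must be mapped to a user in `cert-users.properties`, with that user's roles in `cert-roles.properties`. It would also help to mark `keyStorePassword="password"` and `trustStorePassword="password"` as placeholder values.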

Review comment:
       where is the client cert?

##########
File path: docs/user-manual/en/security.md
##########
@@ -1323,6 +1323,32 @@ extra properties described as below.
 
 - `trustStorePassword` - The trust store's password.
 
+### Config access using client certificates
+The web console supports the authentication with client certificates, see the following steps:  
+- Add the [certificate login module](#certificateloginmodule) to the `login.config` file, i.e.
+```
+activemq-cert {
+   org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule required
+       debug=true
+       org.apache.activemq.jaas.textfiledn.user="cert-users.properties"
+       org.apache.activemq.jaas.textfiledn.role="cert-roles.properties";
+};
+```
+- Change the hawtio realm to match the realm defined in the `login.config` file
+for the [certificate login module](#certificateloginmodule). This is configured in the `artemis.profile` via the system property `-Dhawtio.role=activemq-cert`.
+- Enable secure access using HTTPS protocol with the client authentication:
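Review bot: The realm step describes changing the hawtio realm but names the system property `-Dhawtio.role=activemq-cert`, which sets the role rather than the realm; as written, a reader would put the realm name `activemq-cert` into the role setting. The property should be `-Dhawtio.realm=activemq-cert`, or the sentence should be reworded if the role really is meant. Separately, the `login.config` example carries `debug=true`; say that it is optional or leave it out of the example.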

Review comment:
       ```suggestion
   - Enable secure access using HTTPS protocol with client authentication:
   ```



