Closed
Description
We would like to protect the console using client certificates. To do this, we have enabled useClientAuth in the console configuration.
Configuration:
...
console:
expose: true
exposeMode: ingress
name: console
sslEnabled: true
sslSecret: my-mapping-ssl-cert
trustSecret: my-mapping-ssl-cert
useClientAuth: true
...
This has worked so far. The JaaS TextFileCertificateLoginModule maps the certificate provided by the client to a user and group.
However, once this is activated, the following errors appear in the status field of the ActiveMQArtemis resource:
...
- lastTransitionTime: "2024-10-17T10:48:03Z"
message: 'Get "https://aQ0IvDAb:***@my-broker-ss-0.my-broker-hdls-svc.my-namespace.svc.cluster.local:8161/console/jolokia/read/org.apache.activemq.artemis:broker=%22amq-broker%22/Status": remote error: tls: bad certificate'
reason: UnableToRetrieveStatus
status: Unknown
type: BrokerPropertiesApplied
- lastTransitionTime: "2024-10-17T10:48:32Z"
message: 'Get "https://aQ0IvDAb:***@my-broker-ss-0.my-broker-hdls-svc.my-namespace.svc.cluster.local:8161/console/jolokia/read/org.apache.activemq.artemis:broker=%22amq-broker%22/Status": remote error: tls: bad certificate'
reason: UnableToRetrieveStatus
status: Unknown
type: BrokerVersionAligned
- lastTransitionTime: "2024-10-16T06:30:50Z"
message: 'Get "https://aQ0IvDAb:***@my-broker-ss-0.my-broker-hdls-svc.my-namespace.svc.cluster.local:8161/console/jolokia/read/org.apache.activemq.artemis:broker=%22amq-broker%22/Status": remote error: tls: bad certificate'
reason: UnableToRetrieveStatus
status: Unknown
type: JaasPropertiesApplied
...
I think the Jolokia client itself should also provide a client certificate. At the moment, there seems to be no way to do this?