I found a solution. I replaced the engine tag

<w:engine enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" enabled-protocols="TLSv1 TLSv1.1 TLSv1.2" />

with

<w:engine enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" enabled-protocols="TLSv1 TLSv1.1 TLSv1.2" />

Seems that the standard configuration of the undertow.xml is outdated.

Best
Gerald

> Gerald Kallas <catsh...@mailbox.org> wrote on 14.08.2020 19:20:
>
>
> Dear all,
>
> I did set up a vanilla Karaf 4.3.0RC1 and executed the following commands
>
> feature:install pax-http-undertow
> feature:install webconsole
>
> How can I bind the webconsole (and later camel servlets) to the HTTPS port?
>
> Many thanks in advance.
>
> My undertow.xml looks like
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!--
>     Licensed under the Apache License, Version 2.0 (the "License");
>     you may not use this file except in compliance with the License.
>     You may obtain a copy of the License at
>
>         http://www.apache.org/licenses/LICENSE-2.0
>
>     Unless required by applicable law or agreed to in writing, software
>     distributed under the License is distributed on an "AS IS" BASIS,
>     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>
>     See the License for the specific language governing permissions and
>     limitations under the License.
> -->
> <undertow xmlns="urn:org.ops4j.pax.web:undertow:1.0"
>         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>         xmlns:w="urn:jboss:domain:5.0"
>         xmlns:io="urn:jboss:domain:io:3.0"
>         xsi:schemaLocation="
>             urn:jboss:domain:io:3.0 http://www.jboss.org/schema/jbossas/wildfly-io_3_0.xsd
>             urn:jboss:domain:undertow:4.0 http://www.jboss.org/schema/jbossas/wildfly-undertow_4_0.xsd
>             urn:jboss:domain:5.0 http://www.jboss.org/schema/jbossas/wildfly-config_5_0.xsd">
>
>     <!--
>         Only "default" worker and buffer-pool are supported and can be used to override the default values
>         used by all listeners
>
>         buffer-pool:
>          - buffer-size defaults to:
>             - when < 64MB of Xmx: 512
>             - when < 128MB of Xmx: 1024
>             - when >= 128MB of Xmx: 16K - 20
>          - direct-buffers defaults to:
>             - when < 64MB of Xmx: false
>             - when >= 64MB of Xmx: true
>
>         worker:
>          - io-threads defaults to Math.max(Runtime.getRuntime().availableProcessors(), 2);
>          - task-core-threads and task-max-threads default to io-threads * 8
>     -->
>     <!--
>     <subsystem xmlns="urn:jboss:domain:io:3.0">
>         <buffer-pool name="default" buffer-size="16364" direct-buffers="true" />
>         <worker name="default" io-threads="8" task-core-threads="64" task-max-threads="64" />
>     </subsystem>
>     -->
>
>     <!-- https://docs.jboss.org/author/display/WFLY/Undertow+subsystem+configuration -->
>     <subsystem xmlns="urn:jboss:domain:undertow:4.0">
>         <!-- org.wildfly.extension.undertow.BufferCacheDefinition -->
>         <buffer-cache name="default" buffer-size="1024" buffers-per-region="1024" max-regions="10" />
>         <server name="default-server">
>             <!-- HTTP(S) Listener references Socket Binding (and indirectly - Interfaces) -->
>             <http-listener name="http" socket-binding="http" />
>             <!-- verify-client: org.xnio.SslClientAuthMode.NOT_REQUESTED, org.xnio.SslClientAuthMode.REQUESTED, org.xnio.SslClientAuthMode.REQUIRED -->
>             <https-listener name="https" socket-binding="https" security-realm="default" verify-client="NOT_REQUESTED" />
>             <host name="default-host" alias="localhost">
>                 <!--<location name="/" handler="welcome-content" />-->
>                 <!--<location name="/docs" handler="docs-content" />-->
>                 <access-log directory="${karaf.data}/log" pattern="common" prefix="access_log." suffix="log" rotate="true" />
>                 <filter-ref name="server-header" />
>                 <filter-ref name="x-powered-by-header" />
>             </host>
>         </server>
>         <servlet-container name="default">
>             <jsp-config />
>             <websockets />
>             <welcome-files>
>                 <welcome-file name="index.html" />
>                 <welcome-file name="index.txt" />
>             </welcome-files>
>         </servlet-container>
>         <handlers>
>             <file name="welcome-content" path="${karaf.home}/welcome" />
>             <!--<file name="docs-content" path="${karaf.home}/docs" />-->
>         </handlers>
>         <filters>
>             <!-- filters for reference from /host/filter-ref and /host/location/filter-ref -->
>             <response-header name="server-header" header-name="Server" header-value="Pax-HTTP-Undertow" />
>             <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Pax-HTTP-Undertow/7.2.16" />
>         </filters>
>     </subsystem>
>
>     <!-- https://docs.jboss.org/author/display/WFLY/Security+Realms -->
>     <!--
>         we'll use "default" security realm by default to configure jaas/properties authentication
>         (io.undertow.security.idm.IdentityManager):
>          - w:jaas - org.ops4j.pax.web.service.undertow.internal.security.JaasIdentityManager
>          - w:properties - org.ops4j.pax.web.service.undertow.internal.security.PropertiesIdentityManager
>     -->
>     <security-realm name="default">
>         <w:server-identities>
>             <w:ssl>
>                 <!-- sun.security.ssl.ProtocolVersion -->
>                 <!-- sun.security.ssl.CipherSuite -->
>                 <!-- openssl ciphers 'ALL:eNULL' | sed -e 's/:/\n/g' | sort -->
>                 <w:engine
>                         enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
>                         enabled-protocols="TLSv1 TLSv1.1 TLSv1.2" />
>                 <w:keystore path="${karaf.etc}/keystore.p12" provider="PKCS12" alias="server"
>                         keystore-password="password" key-password="password"
>                         generate-self-signed-certificate-host="localhost" />
>             </w:ssl>
>         </w:server-identities>
>         <w:authentication>
>             <!-- JaasIdentityManager for given realm -->
>             <w:jaas name="karaf" />
>             <!-- OR PropertiesIdentityManager (mutually exclusive with <w:jaas>) -->
>             <!--<w:properties path="users.properties" />-->
>             <w:truststore path="${karaf.etc}/truststore.jks" provider="JKS" keystore-password="password" />
>         </w:authentication>
>
>         <user-principal-class-name>org.apache.karaf.jaas.boot.principal.UserPrincipal</user-principal-class-name>
>
>         <role-principal-class-name>org.apache.karaf.jaas.boot.principal.RolePrincipal</role-principal-class-name>
>         <!--<role-principal-class-name>...</role-principal-class-name>-->
>     </security-realm>
>
>     <!-- Interface lists IP addresses to bind to -->
>     <interface name="default">
>         <w:inet-address value="0.0.0.0" />
>         <!--<w:inet-address value="127.0.0.1" />-->
>     </interface>
>
>     <!-- Socket Binding adds port for each IP from referenced Interface -->
>     <socket-binding name="http" interface="default" port="${org.osgi.service.http.port}" />
>     <socket-binding name="https" interface="default" port="${org.osgi.service.http.port.secure}" />
>
> </undertow>
>
> The log shows
>
> 2020-08-14T19:12:59,801 | INFO | paxweb-config-1-thread-1 | ServerControllerImpl | 64 - org.ops4j.pax.web.pax-web-undertow - 7.2.14 | Using "file:/E:/apache-karaf/apache-karaf-4.3.0.RC1/etc/undertow.xml" to configure Undertow
> 2020-08-14T19:13:00,018 | INFO | activator-1-thread-2 | BouncyCastleSecurityProviderRegistrar | 39 - org.apache.sshd.core - 1.7.0 | getOrCreateProvider(BC) created instance of org.bouncycastle.jce.provider.BouncyCastleProvider
> 2020-08-14T19:13:00,050 | INFO | paxweb-config-1-thread-1 | ServerControllerImpl | 64 - org.ops4j.pax.web.pax-web-undertow - 7.2.14 | Starting undertow http listener on 0.0.0.0:8181
> 2020-08-14T19:13:00,052 | INFO | paxweb-config-1-thread-1 | ServerControllerImpl | 64 - org.ops4j.pax.web.pax-web-undertow - 7.2.14 | Starting undertow https listener on 0.0.0.0:8443
> 2020-08-14T19:13:00,093 | INFO | activator-1-thread-2 | CommandExtension | 36 - org.apache.karaf.shell.core - 4.3.0.RC1 | Registering commands for bundle org.apache.karaf.features.command/4.3.0.RC1
> 2020-08-14T19:13:00,244 | INFO | activator-1-thread-2 | Activator | 20 - org.apache.karaf.deployer.features - 4.3.0.RC1 | Deployment finished. Registering FeatureDeploymentListener
> 2020-08-14T19:13:00,310 | INFO | activator-1-thread-3 | CommandExtension | 36 - org.apache.karaf.shell.core - 4.3.0.RC1 | Registering commands for bundle org.apache.karaf.kar.core/4.3.0.RC1
> 2020-08-14T19:13:00,320 | INFO | activator-1-thread-2 | FeaturesPlugin | 73 - org.apache.karaf.webconsole.features - 4.3.0.RC1 | Features plugin deactivated
> 2020-08-14T19:13:00,333 | INFO | activator-1-thread-2 | FeaturesPlugin | 73 - org.apache.karaf.webconsole.features - 4.3.0.RC1 | Features plugin activated
> 2020-08-14T19:13:00,813 | INFO | activator-1-thread-2 | CommandExtension | 36 - org.apache.karaf.shell.core - 4.3.0.RC1 | Registering commands for bundle org.apache.karaf.shell.ssh/4.3.0.RC1
> 2020-08-14T19:13:01,295 | INFO | paxweb-config-1-thread-1 | ServerControllerImpl | 64 - org.ops4j.pax.web.pax-web-undertow - 7.2.14 | Using in-memory session persistence
> 2020-08-14T19:13:01,344 | INFO | paxweb-config-1-thread-1 | HttpServiceFactoryImpl | 62 - org.ops4j.pax.web.pax-web-runtime - 7.2.14 | Binding bundle: [org.apache.karaf.webconsole.console [72]] to http service
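
An added example, not part of the original message and not Pax Web code: a small Python audit of the `<w:engine>` element discussed in the message above, counting AEAD (GCM) versus CBC cipher suites and flagging legacy protocol versions. The names `audit_engines` and `sample_config` are hypothetical, and the XML is a constructed minimal document that holds only the two cipher lists quoted in the message.

```python
import xml.etree.ElementTree as ET

W_NS = "urn:jboss:domain:5.0"  # namespace bound to the w: prefix in undertow.xml
LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}  # deprecated: RFC 7568, RFC 8996

def audit_engines(xml_text):
    """Return one report per <w:engine>: AEAD vs CBC suites and legacy protocols."""
    reports = []
    for engine in ET.fromstring(xml_text).iter("{%s}engine" % W_NS):
        suites = engine.get("enabled-cipher-suites", "").split()
        protocols = engine.get("enabled-protocols", "").split()
        reports.append({
            "total": len(suites),
            "aead": [s for s in suites if "_GCM_" in s or "CHACHA20" in s],
            "cbc": [s for s in suites if "_CBC_" in s],
            "legacy_protocols": [p for p in protocols if p in LEGACY_PROTOCOLS],
        })
    return reports

def sample_config(suites, protocols="TLSv1 TLSv1.1 TLSv1.2"):
    """Constructed minimal undertow.xml holding only the <w:engine> element."""
    return ('<undertow xmlns="urn:org.ops4j.pax.web:undertow:1.0" '
            'xmlns:w="urn:jboss:domain:5.0"><security-realm name="default">'
            '<w:server-identities><w:ssl><w:engine enabled-cipher-suites="%s" '
            'enabled-protocols="%s" /></w:ssl></w:server-identities>'
            '</security-realm></undertow>' % (suites, protocols))

# Cipher lists copied from the two <w:engine> tags quoted in the message.
OLD_SUITES = ("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 "
              "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384")
NEW_SUITES = """
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
"""

if __name__ == "__main__":
    for label, suites in (("old", OLD_SUITES), ("new", NEW_SUITES)):
        r = audit_engines(sample_config(suites))[0]
        print(label, r["total"], "suites,", len(r["aead"]), "AEAD,",
              len(r["cbc"]), "CBC, legacy protocols:", r["legacy_protocols"])
```

Run on the two lists, the audit shows that the original element offers only CBC suites while the replacement adds six GCM suites; both still enable TLSv1 and TLSv1.1.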