Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-646

Unable to setup CLIENT_CERT authentication with elytron.

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Blocker Blocker
    • None
    • None
    • SSL
    • None

      Following Zach's notes on How to setup 2 way TLS I am unable to setup it properly. User is not requested by browser for specifying client certificate and get access to application without certificate.

      In log you there is:
      1. Server send request for certificate

      ^[[0m^[[0m13:55:33,309 INFO  [stdout] (default task-1) *** CertificateRequest
      ^[[0m^[[0m13:55:33,309 INFO  [stdout] (default task-1) Cert Types: RSA, DSS, ECDSA
      ^[[0m^[[0m13:55:33,309 INFO  [stdout] (default task-1) Cert Authorities:
      ^[[0m^[[0m13:55:33,310 INFO  [stdout] (default task-1) <CN=client>
      

      2. And client responds with empty certificate chain. Without asking for certificate

      ^[[0m^[[0m13:55:33,432 INFO  [stdout] (default task-2) *** Certificate chain
      ^[[0m^[[0m13:55:33,432 INFO  [stdout] (default task-2) <Empty>
      ^[[0m^[[0m13:55:33,432 INFO  [stdout] (default task-2) ***
      

      I am attaching:

      • server.log - server log with -Djavax.net.debug=all turn on.
      • 2wayTLS.pcap - wireshark recording of port 8443
      • secured-app - tested application

              jkalina@redhat.com Jan Kalina (Inactive)
              mchoma@redhat.com Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: