-
Bug
-
Resolution: Done
-
Blocker
-
None
-
None
-
None
Following Zach's notes on How to setup 2 way TLS I am unable to setup it properly. User is not requested by browser for specifying client certificate and get access to application without certificate.
In log you there is:
1. Server send request for certificate
^[[0m^[[0m13:55:33,309 INFO [stdout] (default task-1) *** CertificateRequest ^[[0m^[[0m13:55:33,309 INFO [stdout] (default task-1) Cert Types: RSA, DSS, ECDSA ^[[0m^[[0m13:55:33,309 INFO [stdout] (default task-1) Cert Authorities: ^[[0m^[[0m13:55:33,310 INFO [stdout] (default task-1) <CN=client>
2. And client responds with empty certificate chain. Without asking for certificate
^[[0m^[[0m13:55:33,432 INFO [stdout] (default task-2) *** Certificate chain ^[[0m^[[0m13:55:33,432 INFO [stdout] (default task-2) <Empty> ^[[0m^[[0m13:55:33,432 INFO [stdout] (default task-2) ***
I am attaching:
- server.log - server log with -Djavax.net.debug=all turn on.
- 2wayTLS.pcap - wireshark recording of port 8443
- secured-app - tested application
- clones
-
JBEAP-6205 Unable to setup CLIENT_CERT authentication with elytron.
- Closed