Following Zach's notes on How to setup 2 way TLS I am unable to setup it properly. User is not requested by browser for specifying client certificate and get access to application without certificate.
In log you there is:
1. Server send request for certificate
^[[0m^[[0m13:55:33,309 INFO [stdout] (default task-1) *** CertificateRequest ^[[0m^[[0m13:55:33,309 INFO [stdout] (default task-1) Cert Types: RSA, DSS, ECDSA ^[[0m^[[0m13:55:33,309 INFO [stdout] (default task-1) Cert Authorities: ^[[0m^[[0m13:55:33,310 INFO [stdout] (default task-1) <CN=client>
2. And client responds with empty certificate chain. Without asking for certificate
^[[0m^[[0m13:55:33,432 INFO [stdout] (default task-2) *** Certificate chain ^[[0m^[[0m13:55:33,432 INFO [stdout] (default task-2) <Empty> ^[[0m^[[0m13:55:33,432 INFO [stdout] (default task-2) ***
I am attaching:
- server.log - server log with -Djavax.net.debug=all turn on.
- 2wayTLS.pcap - wireshark recording of port 8443
- secured-app - tested application
- is cloned by
-
ELY-646 Unable to setup CLIENT_CERT authentication with elytron.
-
- Resolved
-
- is incorporated by
-
JBEAP-6253 (7.1.0) Upgrade to WildFly Core 3.0.0.Alpha10
-
- Closed
-
