Details

    • Type: Bug
    • Status: Verified
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: 7.1.0.DR5
    • Fix Version/s: 7.1.0.DR6
    • Component/s: Security
    • Labels:
      None

      Description

      Following Zach's notes on How to setup 2 way TLS, I am unable to set it up properly. The user is not asked by the browser to specify a client certificate and gets access to the application without a certificate.

      In the log there is:
      1. Server sends request for certificate

      13:55:33,309 INFO  [stdout] (default task-1) *** CertificateRequest
      13:55:33,309 INFO  [stdout] (default task-1) Cert Types: RSA, DSS, ECDSA
      13:55:33,309 INFO  [stdout] (default task-1) Cert Authorities:
      13:55:33,310 INFO  [stdout] (default task-1) <CN=client>
      

      2. And the client responds with an empty certificate chain, without asking for a certificate

      13:55:33,432 INFO  [stdout] (default task-2) *** Certificate chain
      13:55:33,432 INFO  [stdout] (default task-2) <Empty>
      13:55:33,432 INFO  [stdout] (default task-2) ***
      

      I am attaching:

      • server.log - server log with -Djavax.net.debug=all turned on.
      • 2wayTLS.pcap - Wireshark recording of port 8443
      • secured-app - tested application

          Attachments

          1. 2wayTLS.pcap
            7 kB
          2. secured-webapp.tar.gz
            4.23 MB
          3. server.log
            72 kB
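
The check below is an added example, not part of the original report or of the project's code: it scans `-Djavax.net.debug` console output for the pattern shown in the description, a `*** CertificateRequest` followed by a `*** Certificate chain` block whose first entry is `<Empty>`. The function name is hypothetical, the line layout is assumed to match the excerpts above, and the second handshake in the sample is constructed for contrast.

```python
import re

# Colour-reset residue, either as a real ESC byte or in caret notation (^[).
ANSI = re.compile(r"(?:\x1b|\^\[)\[[0-9;]*m")
# "13:55:33,309 INFO  [stdout] (default task-1) <message>"
LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2},\d{3})\s+\w+\s+\[stdout\]\s+\([^)]*\)\s?(?P<msg>.*)$"
)

def find_empty_client_chains(log_text):
    """Return one finding per handshake where a certificate was requested
    and the next certificate chain logged afterwards was empty."""
    findings = []
    requested_at = None  # timestamp of the pending CertificateRequest
    chain_at = None      # chain header seen, waiting for its first entry
    for raw in log_text.splitlines():
        m = LINE.match(ANSI.sub("", raw).strip())
        if not m:
            continue
        ts, msg = m["ts"], m["msg"].strip()
        if chain_at is not None:
            # First line after the chain header decides: <Empty> or chain [0].
            if msg == "<Empty>":
                findings.append({"requested": requested_at, "empty_chain": chain_at})
            requested_at = chain_at = None
            continue
        if msg == "*** CertificateRequest":
            requested_at = ts
        elif msg == "*** Certificate chain" and requested_at is not None:
            # The request and the reply may be logged by different worker
            # threads (task-1 / task-2 above), so correlate by order only.
            chain_at = ts
    return findings

# First handshake: lines from the description. Second handshake: constructed.
SAMPLE_LOG = """\
^[[0m^[[0m13:55:33,309 INFO  [stdout] (default task-1) *** CertificateRequest
^[[0m^[[0m13:55:33,309 INFO  [stdout] (default task-1) Cert Types: RSA, DSS, ECDSA
^[[0m^[[0m13:55:33,310 INFO  [stdout] (default task-1) <CN=client>
^[[0m^[[0m13:55:33,432 INFO  [stdout] (default task-2) *** Certificate chain
^[[0m^[[0m13:55:33,432 INFO  [stdout] (default task-2) <Empty>
13:56:10,101 INFO  [stdout] (default task-3) *** CertificateRequest
13:56:10,230 INFO  [stdout] (default task-4) *** Certificate chain
13:56:10,230 INFO  [stdout] (default task-4) chain [0] = [
"""

if __name__ == "__main__":
    for f in find_empty_client_chains(SAMPLE_LOG):
        print("certificate requested at", f["requested"],
              "but empty chain received at", f["empty_chain"])
```
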

                People

                • Assignee:
                  honza889 Jan Kalina
                  Reporter:
                  mchoma Martin Choma