WildFly / WFLY-2980

TLS client authentication configuration not working


    • Type: Bug
    • Resolution: Cannot Reproduce
    • Priority: Major
    • 8.0.0.Final
    • Web (Undertow)

      Configuration of a security realm with a truststore does not result in an SSL trust manager with the appropriate certificate authorities.
      This configuration:

                  <security-realm name="HTTPSRealm">
                      <server-identities>
                          <ssl>
                              <keystore alias="server" path="/path/to/my.keystore" keystore-password="changeit" />
                          </ssl>
                      </server-identities>
                      <authentication>
                          <truststore path="/path/to/my.truststore" keystore-password="changeit" />
                      </authentication>
                  </security-realm>
      

      Should expose the certificates in my.truststore as accepted authorities for client authentication.
      An SSL debug shows that no authorities are configured:

      *** CertificateRequest
      Cert Types: RSA, DSS, ECDSA
      Cert Authorities:
      <Empty>
      *** ServerHelloDone
      

              tomazcerar Tomaž Cerar (Inactive)
              dfisher_jira dfisher (Inactive)