jQuery in Action, 3rd edition
The moose likes JBoss/WildFly and the fly likes Client-cert authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Building Microservices this week in the Design forum!
JavaRanch » Java Forums » Products » JBoss/WildFly
Bookmark "Client-cert authentication" Watch "Client-cert authentication" New topic
Author

Client-cert authentication

Greg Charles
Sheriff

Joined: Oct 01, 2001
Posts: 2931
    
  12

I'm having trouble configuring client certificate authentication. I don't really expect to get an answer here, but any pointers would really help me.

I followed the instructions in Peter's book (JBoss in Action) to enable client certificate access to the JMX console. It's not a simple process, so I won't go into here, but where I'm confused is the server.xml contains:




but I also have to define an mbean like:



So why do I have to point at the server.truststore file from two places, and why is it called a truststore in the connector definition, but a keystore in the security domain definition?

The reason that's a problem for me is that I have a requirement to encrypt the keystore password, which I did following the instructions here. However, that involves defining PBESecurityDomain as a separate mbean like:



and then use that security domain in the connector definition (server.xml) in place of the keystorefile and keystorepass attributes. When I did that though, and still put truststorefile and truststorepass in server.xml, I can't get the client certificate access to work. The logged error is something line "Null certificate in chain."

Just to make it harder, I'm stuck using JBoss 4.2.3.

 
Have you checked out Aspose?
 
subject: Client-cert authentication
 
It's not a secret anymore!