[keycloak-user] Can't login with certificate

Karol Buler K.Buler at adbglobal.com
Thu Oct 12 09:16:51 EDT 2017


Peter,

thank you so much for the response, but while waiting I resolved the 
problem. The problem was with my cert/key pair. They were in PKCS#12 format, 
but PEM is required. The solution is as follows:

     1. Export cert and key from your private key in PEM format.

             openssl pkcs12 -in private_key.p12 -out cert.crt.pem -clcerts -nokeys
             openssl pkcs12 -in private_key.p12 -out pkey.key.pem -nocerts -nodes

     2. Call 'curl' from the documentation :)

Regards,
Karol

On 12.10.2017 15:05, Nalyvayko, Peter wrote:
> Hi Karol,
>
> Are you using curl and the direct grant to verify the x509 client cert authentication?
> --Peter
> ________________________________________
> From: keycloak-user-bounces at lists.jboss.org [keycloak-user-bounces at lists.jboss.org] on behalf of Karol Buler [K.Buler at adbglobal.com]
> Sent: Tuesday, October 10, 2017 5:06 AM
> To: keycloak-user at lists.jboss.org
> Subject: [keycloak-user] Can't login with certificate
>
> Hi,
>
> When I try to log in with a certificate according to Keycloak's
> documentation instructions
> (http://www.keycloak.org/docs/latest/server_admin/topics/authentication/x509.html)
> I am getting this error:
>
>       curl: (35) gnutls_handshake() failed: The TLS connection was non-properly terminated.
>
> I also checked the logs at DEBUG level and there is:
>
> 11:01:50,494 DEBUG [io.undertow.request.io] (default I/O-4) UT005013: An IOException occurred: java.io.IOException: javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
>       at io.undertow.protocols.ssl.SslConduit.notifyReadClosed(SslConduit.java:577)
>       at io.undertow.protocols.ssl.SslConduit.closed(SslConduit.java:920)
>       at io.undertow.protocols.ssl.SslConduit.close(SslConduit.java:1015)
>       at io.undertow.protocols.ssl.UndertowSslConnection.closeAction(UndertowSslConnection.java:146)
>       at org.xnio.Connection.close(Connection.java:132)
>       at org.xnio.IoUtils.safeClose(IoUtils.java:134)
>       at io.undertow.protocols.ssl.SslConduit$4$1.run(SslConduit.java:984)
>       at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:580)
>       at org.xnio.nio.WorkerThread.run(WorkerThread.java:464)
> Caused by: javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
>       at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
>       at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666)
>       at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634)
>       at sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1561)
>       at io.undertow.protocols.ssl.SslConduit.notifyReadClosed(SslConduit.java:575)
>       ... 8 more
>
> I don't know what is wrong. Maybe one of you has had the same problem?
>
> Regards,
> Karol
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
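
The conversion described in the reply above, as an added example that is not part of the original post: it builds a constructed throwaway PKCS#12 bundle, runs the two `openssl pkcs12` commands non-interactively, and checks that the outputs are PEM and that the certificate and key belong together. The password, the subject name and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example with constructed throwaway credentials; output file names follow the post.
set -eu
export P12_PASS='constructed-demo-pass'   # assumption: demo-only password

# Build a constructed self-signed cert and key, bundled as PKCS#12.
make_demo_p12() {   # $1 = work dir
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-client" \
        -keyout "$1/src.key" -out "$1/src.crt" 2>/dev/null
    openssl pkcs12 -export -inkey "$1/src.key" -in "$1/src.crt" \
        -out "$1/private_key.p12" -passout env:P12_PASS
}

# The two extraction commands from the post, made non-interactive.
extract_pem() {     # $1 = work dir
    (
        umask 077   # -nodes writes the key unencrypted, so keep it owner-only
        openssl pkcs12 -in "$1/private_key.p12" -out "$1/cert.crt.pem" \
            -clcerts -nokeys -passin env:P12_PASS
        openssl pkcs12 -in "$1/private_key.p12" -out "$1/pkey.key.pem" \
            -nocerts -nodes -passin env:P12_PASS
    )
}

# Succeeds only if both files are PEM and the cert's public key matches the key.
check_pair() {      # $1 = cert file, $2 = key file
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" || return 1
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$2" || return 1
    c=$(openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256)
    k=$(openssl pkey -in "$2" -pubout -outform DER | openssl dgst -sha256)
    [ "$c" = "$k" ]
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_demo_p12 "$work"
extract_pem "$work"
check_pair "$work/cert.crt.pem" "$work/pkey.key.pem" && echo "pair OK"

# A key that does not belong to the certificate must be rejected.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$work/other.key.pem" 2>/dev/null
check_pair "$work/cert.crt.pem" "$work/other.key.pem" || echo "mismatch detected"
```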


