Tristan Tarrant created ISPN-12726: -------------------------------------- Summary: Server should support a truststore for client cert validation Key: ISPN-12726 URL: https://issues.redhat.com/browse/ISPN-12726 Project: Infinispan Issue Type: Enhancement Components: Security, Server Affects Versions: 12.0.0.Final Reporter: Tristan Tarrant Assignee: Tristan Tarrant Fix For: 12.1.0.Final While it is possible to authenticate clients using a certificate, this requires a trust store realm which means adding all possible client certificates to the trust store. Simple validation (not authentication) of certificates based on their trust chain is currently not supported. We should enhance the SSL server identity to support a truststore without requiring a trust realm. {code:xml} <security-realm name="default"> <server-identities> <ssl> <keystore path="server.pfx" keystore-password="secret" alias="server"/> <truststore path="ca.pfx" password="secret"/> </ssl> </server-identities> </security-realm> {code} If a truststore is present, client cert will be required on incoming connections. -- This message was sent by Atlassian Jira (v8.13.1#813001)