[
https://issues.jboss.org/browse/SECURITY-838?page=com.atlassian.jira.plug...
]
Tom Fonteyne commented on SECURITY-838:
---------------------------------------
This is the use-case:
https://github.com/picketlink2/picketlink-quickstarts/tree/master/saml/id...
so if you want to use PicketLink with certificates.... *all* client certs need to be
imported.
Perhaps a better solution (considering your point) is to ship a verifier that does allow
CA's which can then be configured
BaseCertLoginModule does not actually check a client certificate for
signing, making the use of a CA not possible
---------------------------------------------------------------------------------------------------------------
Key: SECURITY-838
URL:
https://issues.jboss.org/browse/SECURITY-838
Project: PicketBox
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: PicketBox
Affects Versions: PicketBox_4_0_21.Beta2
Reporter: Tom Fonteyne
Assignee: Stefan Guilhen
BaseCertLoginModule is not really checking if client certificates are valid. It only
checks if the client certificate is present in the truststore and then does a binary
compare.
This means that properly signed client certificates by a CA cannot be used unless they
are all imported into the truststore.
A normal/standard setup would *only* have the CA certificate in the truststore and not
the actual client certificates.
--
This message was sent by Atlassian JIRA
(v6.2.3#6260)
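The difference the report describes, shown as an added example that is not PicketBox code and not part of the JIRA thread: `matchesByExactCopy` is the "binary compare" behaviour (the leaf certificate itself must be in the truststore), while `validatesToAnchor` uses the JDK's standard PKIX `CertPathValidator` so that a truststore holding only the CA certificate accepts any client certificate that chains to it. The class name, method names, and the file paths read from the command line are assumptions; the truststore file and client certificate are not supplied here.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;

// Hypothetical helper; illustrates the two verification strategies discussed in the issue.
public class CaChainVerifier {

    // Every certificate entry in the truststore becomes a PKIX trust anchor.
    // In the CA-only deployment the report asks for, this set contains just the CA cert.
    static Set<TrustAnchor> loadAnchors(KeyStore truststore) throws Exception {
        Set<TrustAnchor> anchors = new HashSet<>();
        for (Enumeration<String> e = truststore.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (truststore.isCertificateEntry(alias)) {
                Certificate c = truststore.getCertificate(alias);
                if (c instanceof X509Certificate) {
                    anchors.add(new TrustAnchor((X509Certificate) c, null));
                }
            }
        }
        return anchors;
    }

    // Behaviour the report describes: the exact leaf certificate must already be in the
    // truststore. A CA-signed certificate that was never imported is rejected.
    static boolean matchesByExactCopy(KeyStore truststore, X509Certificate client) throws Exception {
        return truststore.getCertificateAlias(client) != null;
    }

    // Chain validation: the presented chain (leaf first, then any intermediates) must be
    // signed down to one of the trust anchors, with every validity period honoured.
    // Revocation checking is switched off here for a self-contained example; a deployment
    // should leave it on or wire in a CRL/OCSP source.
    static boolean validatesToAnchor(KeyStore truststore, X509Certificate[] chain) throws Exception {
        CertPath path = CertificateFactory.getInstance("X.509")
                .generateCertPath(Arrays.asList(chain));
        PKIXParameters params = new PKIXParameters(loadAnchors(truststore));
        params.setRevocationEnabled(false);
        try {
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return true;
        } catch (CertPathValidatorException ex) {
            // Untrusted issuer, bad signature, expired or not-yet-valid certificate.
            return false;
        }
    }

    // Usage: java CaChainVerifier <truststore.jks> <password> <client-cert.pem>
    public static void main(String[] args) throws Exception {
        KeyStore truststore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            truststore.load(in, args[1].toCharArray());
        }
        X509Certificate client;
        try (InputStream in = new FileInputStream(args[2])) {
            client = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        System.out.println("exact copy in truststore: " + matchesByExactCopy(truststore, client));
        System.out.println("chains to a trust anchor: "
                + validatesToAnchor(truststore, new X509Certificate[] { client }));
    }
}
```

With only the CA certificate imported, the first check prints `false` for every client and the second prints `true` for certificates the CA actually signed, which is the deployment shape the issue asks for; a certificate signed by an unknown CA fails both checks.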