Jan Kalina commented on ELY-646:
--------------------------------
Note: The pull request in the header is sufficient to fix the problem, but to have green subsystem
tests, the following subsystem pull request is needed:
Unable to setup CLIENT_CERT authentication with elytron.
--------------------------------------------------------
Key: ELY-646
URL: https://issues.jboss.org/browse/ELY-646
Project: WildFly Elytron
Issue Type: Bug
Components: SSL
Reporter: Martin Choma
Assignee: Jan Kalina
Priority: Blocker
Following Zach's notes on [How to setup 2 way
TLS|https://gitlab.cee.redhat.com/zrhoads/kbase/blob/master/eap71.elytron...]
I am unable to set it up properly. The user is not asked by the browser to specify a client
certificate and gets access to the application without a certificate.
In the log there is:
1. Server sends request for certificate
{code}
13:55:33,309 INFO [stdout] (default task-1) *** CertificateRequest
13:55:33,309 INFO [stdout] (default task-1) Cert Types: RSA, DSS, ECDSA
13:55:33,309 INFO [stdout] (default task-1) Cert Authorities:
13:55:33,310 INFO [stdout] (default task-1) <CN=client>
{code}
2. And the client responds with an empty certificate chain, without asking for a certificate
{code}
13:55:33,432 INFO [stdout] (default task-2) *** Certificate chain
13:55:33,432 INFO [stdout] (default task-2) <Empty>
13:55:33,432 INFO [stdout] (default task-2) ***
{code}
I am attaching:
* server.log - server log with -Djavax.net.debug=all turned on.
* 2wayTLS.pcap - Wireshark recording of port 8443
* secured-app - tested application
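
The following is an added example, not part of the original issue or the Elytron project: a small Python check that scans `-Djavax.net.debug=all` output for the pattern reported above, a `CertificateRequest` answered by an `<Empty>` certificate chain. The function name and the sample log are constructed for illustration, and the request is paired with the next chain by order only (an assumption, since the two messages are logged on different task threads).

```python
import re

# Constructed sample in the shape of the log excerpts in this issue; the parser
# also tolerates ANSI colour-reset prefixes (raw ESC or a literal "^[").
SAMPLE_LOG = """\
^[[0m^[[0m13:55:33,309 INFO [stdout] (default task-1) *** CertificateRequest
^[[0m^[[0m13:55:33,309 INFO [stdout] (default task-1) Cert Types: RSA, DSS, ECDSA
^[[0m^[[0m13:55:33,309 INFO [stdout] (default task-1) Cert Authorities:
^[[0m^[[0m13:55:33,310 INFO [stdout] (default task-1) <CN=client>
^[[0m^[[0m13:55:33,432 INFO [stdout] (default task-2) *** Certificate chain
^[[0m^[[0m13:55:33,432 INFO [stdout] (default task-2) <Empty>
^[[0m^[[0m13:55:33,432 INFO [stdout] (default task-2) ***
"""

ANSI = re.compile(r"(?:\x1b|\^\[)\[[0-9;]*m")
LINE = re.compile(r"^(\d\d:\d\d:\d\d,\d{3})\s+\w+\s+\[stdout\]\s+\(([^)]*)\)\s?(.*)$")

def find_empty_client_chains(log_text):
    """Return one finding per CertificateRequest answered by an empty chain."""
    findings, pending, in_cas, chain_at = [], None, False, None
    for raw in log_text.splitlines():
        m = LINE.match(ANSI.sub("", raw).strip())
        if not m:
            continue
        ts, _thread, msg = m.groups()
        msg = msg.strip()
        if msg == "*** CertificateRequest":
            # Server asked for a client certificate; remember when and for which CAs.
            pending, in_cas, chain_at = {"requested_at": ts, "authorities": []}, False, None
        elif msg == "Cert Authorities:" and pending is not None:
            in_cas = True
        elif msg == "*** Certificate chain":
            chain_at, in_cas = ts, False
        elif chain_at is not None:
            # First line after the chain header decides: "<Empty>" means no client cert.
            if msg == "<Empty>" and pending is not None:
                findings.append({**pending, "empty_chain_at": chain_at})
                pending = None
            chain_at = None
        elif in_cas and msg.startswith("<") and msg.endswith(">"):
            pending["authorities"].append(msg[1:-1])
        else:
            in_cas = False
    return findings
```

A non-empty result on a listener meant to enforce CLIENT_CERT means the handshake completed without a client certificate, so access decisions must not assume one was presented.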