Re: [undertow-dev] certs
I will check for you but from last time I worked on this I am not sure
if that is possible - I think a valid trust store was still required
server side to verify the remote certificate - even if it was just a
trust store containing certificate authority certificates.
Do your clients definitely not have a least a common certificate
authority signing their certificates?
Regards,
Darran Lofthouse.
On 26/06/13 23:57, Bill Burke wrote:
Sorry, I want to be able to validate the client cert within the
application servlet.
On 6/26/2013 6:56 PM, Bill Burke wrote:
> I think you misunderstood me. Not looking for client-cert auth. I want
> to be able to validate the client server within the application servlet.
>
> On 6/26/2013 6:50 PM, Tomaz Cerar wrote:
>> It can do it already but config is going to change in future.
>>
>> Take a look at WebCERTTestsSecurityDomainSetup in testsuite on how to do it.
>>
>> Basicly you have to setup securityRealm with server ssl cert, then setup
>> securtiy constraints for web app
>>
>> That test we have in testsuite also tests mapping client certs to users via
>> CertificateRoles security module.
>>
>> --
>> tomaz
>>
>>> -----Original Message-----
>>> From: undertow-dev-bounces(a)lists.jboss.org [mailto:undertow-dev-
>>> bounces(a)lists.jboss.org] On Behalf Of Bill Burke
>>> Sent: Thursday, June 27, 2013 12:11 AM
>>> To: undertow-dev(a)lists.jboss.org
>>> Subject: [undertow-dev] certs
>>>
>>> I need to be able to client certs in the following manner:
>>>
>>> * Set the server to WANT client certs so that it is optional
>>> * Obtain certificate at the servlet layer so I can validate it myself.
>>>
>>> Can Undertow do these yet? Just want to know so I can create the
>>> appropriate jiras.
>>>
>>> --
>>> Bill Burke
>>> JBoss, a division of Red Hat
>>> http://bill.burkecentral.com
>>> _______________________________________________
>>> undertow-dev mailing list
>>> undertow-dev(a)lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/undertow-dev
>>
>