[jboss-jira] [JBoss JIRA] (AS7-3915) JBoss 7.0.2 mutual certificate authentication fails on SSL Handshake

Anil Saldhana (JIRA) jira-events at lists.jboss.org
Mon Feb 27 13:25:36 EST 2012


    [ https://issues.jboss.org/browse/AS7-3915?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12671309#comment-12671309 ] 

Anil Saldhana commented on AS7-3915:
------------------------------------

https://community.jboss.org/wiki/JBossAS7ConfiguringSSLOnJBossWeb/

Try that on JBoss AS7.1
                
> JBoss 7.0.2 mutual certificate authentication fails on SSL Handshake
> --------------------------------------------------------------------
>
>                 Key: AS7-3915
>                 URL: https://issues.jboss.org/browse/AS7-3915
>             Project: Application Server 7
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 7.0.2.Final
>         Environment: Ubuntu 10.10
> java version "1.6.0_30"
> Java(TM) SE Runtime Environment (build 1.6.0_30-b12)
> Java HotSpot(TM) Server VM (build 20.5-b03, mixed mode)
> javac 1.6.0_30
> further configuration (standalone.xml...): http://stackoverflow.com/questions/9226555/jboss-mutual-certificate-authentication-fails-on-ssl-handshake
>            Reporter: Pavol Sovis
>            Assignee: Anil Saldhana
>              Labels: jboss
>
> The goal is to ask any clients to provide a client certificate and achieve mutual authentication between the client and the server.
> I have created a certification authority (CA) to sign the client and server certificates.
> I have imported the server certificate into the keystore and added an HTTPS connector to the standalone.xml configuration file to serve HTTPS requests on the 8443 port.
> I have imported the CA root certificate into the Certificate Manager under Authorities in the client's Firefox.
> Everything works fine and when I request https://localhost:8443 I get a page with a valid server certificate.
> The problem is, when I import the client certificate into the Certificate Manager in Firefox and set the server configuration to verify client certificates (verify-client="true" in standalone.xml) I get a browser error:
> Secure Connection Failed:
> An error occurred during a connection to localhost:8443.
> SSL peer cannot verify your certificate.
> (Error code: ssl_error_bad_cert_alert)
> while the jboss log on the server states:
> 11:01:31,142 DEBUG [org.apache.tomcat.util.net.JIoEndpoint] (http-localhost-127.0.0.1-8443-1) Handshake failed: java.io.IOException: SSL handshake failed. Ciper suite in SSL Session is SSL_NULL_WITH_NULL_NULL
> at org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:191) [jbossweb-7.0.1.Final.jar:7.0.2.Final]
> at org.apache.tomcat.util.net.JIoEndpoint.setSocketOptions(JIoEndpoint.java:1144) [jbossweb-7.0.1.Final.jar:7.0.2.Final]
> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:952) [jbossweb-7.0.1.Final.jar:7.0.2.Final]
> at java.lang.Thread.run(Thread.java:662) [:1.6.0_30]
> To be sure it is a bug, I downgraded to jboss-6.1.0.Final, where everything works fine as expected, i.e. it is only a 7.0.2 version issue. I'm not sure about 7.1.x, since I haven't had the chance to try it yet.
> Btw, I followed this tutorial to get the PKI ready: http://virgo47.wordpress.com/2010/08/23/tomcat-web-application-with-ssl-client-certificates/
