[jboss-jira] [JBoss JIRA] (WFLY-2980) TLS client authentication configuration not working
dfisher (JIRA)
issues at jboss.org
Thu Feb 20 10:07:48 EST 2014
dfisher created WFLY-2980:
-----------------------------
Summary: TLS client authentication configuration not working
Key: WFLY-2980
URL: https://issues.jboss.org/browse/WFLY-2980
Project: WildFly
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Web (Undertow)
Affects Versions: 8.0.0.Final
Reporter: dfisher
Assignee: Stuart Douglas
Configuration of a security realm with a truststore does not result in an SSL trust manager with the appropriate certificate authorities.
This configuration:
{code}
<security-realm name="HTTPSRealm">
<server-identities>
<ssl>
<keystore alias="server" path="/path/to/my.keystore" keystore-password="changeit" />
</ssl>
</server-identities>
<authentication>
<truststore path="/path/to/my.truststore" keystore-password="changeit" />
</authentication>
</security-realm>
{code}
Should expose the certificates in my.truststore as accepted authorities for client authentication.
An SSL debug shows that no authorities are configured:
{code}
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Cert Authorities:
<Empty>
*** ServerHelloDone
{code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list