[jboss-jira] [JBoss JIRA] (WFLY-2980) TLS client authentication configuration not working
dfisher (JIRA)
issues at jboss.org
Thu Feb 20 10:29:47 EST 2014
[ https://issues.jboss.org/browse/WFLY-2980?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12946445#comment-12946445 ]
dfisher commented on WFLY-2980:
-------------------------------
Sample https-listener configuration:
<https-listener name="default-https" socket-binding="https" security-realm="HTTPSRealm" verify-client="REQUESTED"/>
> TLS client authentication configuration not working
> ---------------------------------------------------
>
> Key: WFLY-2980
> URL: https://issues.jboss.org/browse/WFLY-2980
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Web (Undertow)
> Affects Versions: 8.0.0.Final
> Reporter: dfisher
> Assignee: Stuart Douglas
>
> Configuration of a security realm with a truststore does not result in an SSL trust manager with the appropriate certificate authorities.
> This configuration:
> {code}
> <security-realm name="HTTPSRealm">
> <server-identities>
> <ssl>
> <keystore alias="server" path="/path/to/my.keystore" keystore-password="changeit" />
> </ssl>
> </server-identities>
> <authentication>
> <truststore path="/path/to/my.truststore" keystore-password="changeit" />
> </authentication>
> </security-realm>
> {code}
> Should expose the certificates in my.truststore as accepted authorities for client authentication.
> An SSL debug shows that no authorities are configured:
> {code}
> *** CertificateRequest
> Cert Types: RSA, DSS, ECDSA
> Cert Authorities:
> <Empty>
> *** ServerHelloDone
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list