[jetty-users] SSL Client Certificate Problem with Jetty 9.0.0.M3
Hi everyone,

I am trying to get client certificates to work with the below code
using Jetty 9.0.0.M3 / JDK 1.7u10. The code works fine for server SSL
when setNeedClientAuth(false), but the code fails when
setNeedClientAuth(true). The browser also never opens the client
certificate dialog to select the browser client certificate when
setNeedClientAuth(true). This is true for both Firefox and Chrome. The
client browser certificate is self-signed. The server code has a
GoDaddy certificate and its chain in the keystore.jks, and the trust
store is a copy of the default cacerts from the JDK1.7u10 folder. With
Java debug set to all, the following error occurs when
setNeedClientAuth(true):

    qtp1448874052-28, fatal error: 42: null cert chain
    javax.net.ssl.SSLHandshakeException: null cert chain
    %% Invalidated: [Session-7, TLS_ECDHE_RSA_WITH_RC4_128_SHA]
    qtp1448874052-28, SEND TLSv1 ALERT: fatal, description = bad_certificate
    qtp1448874052-28, WRITE: TLSv1 Alert, length = 2
    qtp1448874052-28, fatal: engine already closed. Rethrowing
    javax.net.ssl.SSLHandshakeException: null cert chain

Any suggestions would be appreciated.

- Erich

    Server server = new Server();

    // Server key material and trust store
    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setKeyStorePath(KEYSTORE_LOCATION);
    sslContextFactory.setKeyStorePassword(KEYSTORE_PASS);
    sslContextFactory.setTrustStorePath(TRUSTSTORE_LOCATION);
    String[] excludeme = {"SSLv2Hello"};
    sslContextFactory.setExcludeProtocols(excludeme);

    // HTTPS connector on port 8443
    ServerConnector SSLconnector = new ServerConnector(server, sslContextFactory);
    SSLconnector.setPort(8443);
    server.setConnectors(new Connector[] { SSLconnector });

    // Static file handler with a default fallback
    ResourceHandler resourceHandler = new ResourceHandler();
    resourceHandler.setDirectoriesListed(true);
    resourceHandler.setResourceBase("/www");
    DefaultHandler defaultHandler = new DefaultHandler();
    HandlerList handlers = new HandlerList();
    handlers.setHandlers(new Handler[] { resourceHandler, defaultHandler });
    server.addConnector(SSLconnector);
    server.setHandler(handlers);

    // Client certificate settings: the handshake fails when need is true
    sslContextFactory.setWantClientAuth(false);
    sslContextFactory.setNeedClientAuth(true);

    server.start();
    server.join();
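
A check for the setup described in the post above, as an added example that is not part of the original message or of Jetty: a JSSE server that requests a client certificate advertises the issuers from its trust store in the CertificateRequest, and browsers commonly offer only client certificates issued by one of them. The class name ClientCertIssuerCheck and its three command-line arguments (trust store path, trust store password, client certificate file) are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;

// Added example (hypothetical class name).
// Usage: java ClientCertIssuerCheck <truststore.jks> <password> <client-cert.pem>
public class ClientCertIssuerCheck {

    // True if the certificate's issuer DN matches the subject of an accepted issuer.
    static boolean issuerAdvertised(X509Certificate client, X509Certificate[] accepted) {
        X500Principal issuer = client.getIssuerX500Principal();
        for (X509Certificate ca : accepted) {
            if (ca.getSubjectX500Principal().equals(issuer)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        KeyStore trust = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            trust.load(in, args[1].toCharArray());
        }
        // Build the default trust manager over the trust store, as JSSE does.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        X509Certificate[] accepted = new X509Certificate[0];
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                accepted = ((X509TrustManager) tm).getAcceptedIssuers();
            }
        }
        // Read the client certificate exported from the browser (PEM or DER).
        X509Certificate client;
        try (InputStream in = new FileInputStream(args[2])) {
            client = (X509Certificate)
                CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        System.out.println("Accepted issuers in trust store: " + accepted.length);
        System.out.println("Client certificate issuer: " + client.getIssuerX500Principal().getName());
        System.out.println(issuerAdvertised(client, accepted)
            ? "Issuer is in the trust store."
            : "Issuer is NOT in the trust store; a browser filtering on advertised issuers will not offer it.");
    }
}
```

For a self-signed certificate the issuer is the certificate's own subject, so the check passes only when that certificate has itself been imported into the trust store.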