[jetty-users] SSL Client Certificate Problem with Jetty 9.0.0.M3

Hi everyone,

I am trying to get client certificates to work with the below code using Jetty 9.0.0.M3 / JDK 1.7u10. The code works fine for server SSL when setNeedClientAuth(false), but the code fails when setNeedClientAuth(true). The browser also never opens the client certificate dialog to select the browser client certificate when setNeedClientAuth(true). This is true for both Firefox and Chrome. The client browser certificate is self-signed. The server code has a GoDaddy certificate and its chain in the keystore.jks, and the trust store is a copy of the default cacerts from the JDK1.7u10 folder. With the Java debug set to all, the following error occurs when setNeedClientAuth(true):

qtp1448874052-28, fatal error: 42: null cert chain
javax.net.ssl.SSLHandshakeException: null cert chain
%% Invalidated:  [Session-7, TLS_ECDHE_RSA_WITH_RC4_128_SHA]
qtp1448874052-28, SEND TLSv1 ALERT:  fatal, description = bad_certificate
qtp1448874052-28, WRITE: TLSv1 Alert, length = 2
qtp1448874052-28, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: null cert chain

Any suggestions would be appreciated.

- Erich

    Server server = new Server();

    // Key store: server certificate and its chain; trust store: used to validate client certificates
    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setKeyStorePath(KEYSTORE_LOCATION);
    sslContextFactory.setKeyStorePassword(KEYSTORE_PASS);
    sslContextFactory.setTrustStorePath(TRUSTSTORE_LOCATION);
    String[] excludeme = {"SSLv2Hello"};
    sslContextFactory.setExcludeProtocols(excludeme);

    // HTTPS connector on port 8443
    ServerConnector SSLconnector = new ServerConnector(server, sslContextFactory);
    SSLconnector.setPort(8443);
    server.setConnectors(new Connector[] { SSLconnector });

    // Static content from /www, with DefaultHandler as the fallback
    ResourceHandler resourceHandler = new ResourceHandler();
    resourceHandler.setDirectoriesListed(true);
    resourceHandler.setResourceBase("/www");
    DefaultHandler defaultHandler = new DefaultHandler();
    HandlerList handlers = new HandlerList();
    handlers.setHandlers(new Handler[] { resourceHandler, defaultHandler });
    server.addConnector(SSLconnector);
    server.setHandler(handlers);

    // Client authentication: the handshake fails when this is set to true
    sslContextFactory.setWantClientAuth(false);
    sslContextFactory.setNeedClientAuth(true);
    server.start();
    server.join();

