Re: [jetty-users] How to configure Jetty 9 so x509 client certificate is transferred in https requests?

On 6/12/13 18:26, ronnie_and_sandy wrote:
Alex,

I'm using the maven plugin and followed the "Configuring a Https Connector"
instructions at
http://www.eclipse.org/jetty/documentation/current/jetty-maven-plugin.html#configuring-jetty-container
with the following caveats:

- the plugin didn't like the <Configure id="sslContextFactory"
class="org.eclipse.jetty.util.ssl.SslContextFactory"> tag, since
SslContextFactory is not a server, so I combined jetty.xml, jetty-ssl.xml
and jetty-https.xml into one file and replaced the Configure tag with New
tag for SslContextFactory.

- I added the following tag to the SslContextFactory:
         <Set name="NeedClientAuth">
             <Property name="jetty.needclientauth" default="true"/>
         </Set>

Sounds like you tried something like this for standalone Jetty (not the
maven plugin), but this worked for me.

I do get abort behavior for IE (sometimes after identifying the cert), but
Ffx and Chrome work properly. That is, they ask for the cert and the page is
rendered. Java clients (e.g. SoapUI) work properly as well.

Thanks for the tip, ronnie_and_sandy.

I actually figured out what the problem was almost a month ago, but still didn't get around to replying to this e-mail thread, so doing it now. The problem in my case was trivial -- I didn't have any trusted CAs configured in the keystore that Jetty was using. So, naturally, it rejected all incoming https requests.

I followed Whitey's coding blog post [1.] describing a simple way of generating a test CA and client certificate "issued" by that CA, and got a working setup.

Hope this information will help anyone trying to set up an https test environment.

Cheers!
Alex-

[1.] http://whiteycode.blogspot.fi/2012/04/x509-authentication-with-spring-eclipse.html
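
The cause described in the reply above (no trusted CA in the keystore while NeedClientAuth is on) can be checked before starting Jetty. The following is an added example, not code from the thread or from Jetty: it lists the trusted-certificate entries in a keystore and reports whether one of them directly issued a given client certificate. The class name and the three file arguments are hypothetical, and it assumes the client certificate is issued directly by the CA (no intermediates) and that the same keystore file is the one Jetty uses as its trust store.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

// Added example. Usage: java TrustStoreCheck <keystore> <password> <client-cert.pem>
// (all three arguments are placeholders for your own test files)
public class TrustStoreCheck {
    // Collect the X.509 certificates stored as trusted-certificate entries.
    static List<X509Certificate> trustedCerts(KeyStore ks) throws Exception {
        List<X509Certificate> out = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (ks.isCertificateEntry(alias) && c instanceof X509Certificate) {
                out.add((X509Certificate) c);
            }
        }
        return out;
    }

    // Return the trusted entry that directly signed the client cert, or null.
    static X509Certificate directIssuer(X509Certificate client, List<X509Certificate> cas) {
        for (X509Certificate ca : cas) {
            if (!ca.getSubjectX500Principal().equals(client.getIssuerX500Principal())) continue;
            try {
                client.verify(ca.getPublicKey()); // throws if the signature does not match
                return ca;
            } catch (Exception e) {
                // Same subject name but a different key: keep looking.
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        List<X509Certificate> cas = trustedCerts(ks);
        System.out.println("trusted certificate entries: " + cas.size());
        X509Certificate client;
        try (InputStream in = new FileInputStream(args[2])) {
            client = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        X509Certificate issuer = directIssuer(client, cas);
        System.out.println(issuer == null
            ? "no trusted entry issued " + client.getSubjectX500Principal()
            : "issued by trusted entry " + issuer.getSubjectX500Principal());
    }
}
```

A count of zero trusted certificate entries, or no matching issuer for the test client certificate, corresponds to the situation described in the reply.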


