Hello,

I am using jetty-9.2.1.v20140609 and wish to configure my application to use setNeedClientAuth (from SslContextFactory). I wish to have a client certificate authentication mechanism within my application.

I am running Jetty in Embedded mode (with no XML configuration).

My code for configuring the SslContextFactory is as follows:

public class SSLContext extends SslContextFactory {

    private final ServerCertificateKeyStore certificateKeyStore = EngineInstanceCore
            .getServerCertificateKeyStore();

    private static SSLContext sslContext;

    private static CertificateKeyStore keyStore;
    private static CertificateKeyStore trustStore;

    public static SSLContext getInstance() throws Exception {
        if (keyStore == null) keyStore = new CertificateKeyStore("keyStore", true, false);
        if (trustStore == null) trustStore = new CertificateKeyStore("trustStore", true, true);
        if (sslContext == null) sslContext = new SSLContext();

        return sslContext;
    }

    protected SSLContext() throws Exception {
        super(keyStore.getKeyStoreFilePath().toString());
        init();
    }

    private void init() {

        setKeyStorePassword(new String(keyStore.getKeyStorePassword()));
        setKeyStoreType(keyStore.getKeyStore().getType());
        setKeyStoreProvider(trustStore.getKeyStore().getProvider().getName());

        setTrustStorePath(trustStore.getKeyStoreFilePath().toString());
        setTrustStore(trustStore.getKeyStore());
        setTrustStorePassword(new String(trustStore.getKeyStorePassword()));
        setTrustStoreType(trustStore.getKeyStore().getType());
        setTrustStoreProvider(trustStore.getKeyStore().getProvider().getName());
        setNeedClientAuth(true);

        System.setProperty("javax.net.ssl.keyStore", keyStore.getKeyStoreFilePath().toString());
        System.setProperty("javax.net.ssl.keyStorePassword", new String(keyStore.getKeyStorePassword()));
        System.setProperty("javax.net.ssl.trustStore", trustStore.getKeyStoreFilePath().toString());
        System.setProperty("javax.net.ssl.trustStorePassword", new String(trustStore.getKeyStorePassword()));
    }

}

Using Chrome, with setNeedClientAuth = TRUE, when I browse to my site Chrome reports "SSL connection error" ("Error code: ERR_SSL_PROTOCOL_ERROR"). However, if I set setNeedClientAuth = FALSE, Chrome successfully browses to the requested URL and I can see that the certificate for the SSL connection is the certificate within the KEYSTORE defined by super(keyStore.getKeyStoreFilePath().toString());

Can anyone please assist with the above in determining why I cannot get setNeedClientAuth to work when set to TRUE?

Cheers,
Matthew
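
For comparison with the configuration in the message above, a minimal embedded Jetty 9.2 server that requires client certificates, written as an added example that is not the poster's code. The class name, file paths, passwords, port and the JKS store type are placeholders and assumptions.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.server.*;
import org.eclipse.jetty.server.handler.AbstractHandler;
import org.eclipse.jetty.util.ssl.SslContextFactory;

public class MutualTlsServer { // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Placeholder paths and passwords (assumptions, not values from the post).
        String keyStorePath = "/path/to/keystore.jks", keyStorePass = "keystore-password";
        String trustStorePath = "/path/to/truststore.jks", trustStorePass = "truststore-password";

        // Pre-flight: client certificates are validated against the entries of the
        // trust store, so an empty one can never accept a client. JKS type is assumed.
        KeyStore trust = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(trustStorePath)) {
            trust.load(in, trustStorePass.toCharArray());
        }
        if (trust.size() == 0) throw new IllegalStateException("trust store is empty");

        SslContextFactory ssl = new SslContextFactory();
        ssl.setKeyStorePath(keyStorePath);        // server certificate and private key
        ssl.setKeyStorePassword(keyStorePass);
        ssl.setTrustStorePath(trustStorePath);    // issuers accepted for client certificates
        ssl.setTrustStorePassword(trustStorePass);
        ssl.setNeedClientAuth(true); // handshake fails unless the client presents a trusted certificate

        HttpConfiguration https = new HttpConfiguration();
        https.addCustomizer(new SecureRequestCustomizer()); // exposes the client chain to handlers

        Server server = new Server();
        ServerConnector connector = new ServerConnector(server,
                new SslConnectionFactory(ssl, "http/1.1"), new HttpConnectionFactory(https));
        connector.setPort(8443);
        server.addConnector(connector);
        server.setHandler(new AbstractHandler() {
            @Override
            public void handle(String target, Request base, HttpServletRequest req,
                               HttpServletResponse resp) throws IOException {
                X509Certificate[] chain = (X509Certificate[])
                        req.getAttribute("javax.servlet.request.X509Certificate");
                resp.setContentType("text/plain");
                resp.getWriter().println(chain == null ? "no client certificate"
                        : "client: " + chain[0].getSubjectX500Principal().getName());
                base.setHandled(true);
            }
        });
        server.start();
        server.join();
    }
}
```

With needClientAuth enabled, the connecting client has to hold a certificate and private key issued by a CA present in the trust store; the handler echoes the subject of the certificate that was accepted.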