[jetty-users] Issue with using SslContextFactory.setNeedClientAuth

Hello,

I am using jetty-9.2.1.v20140609 and wish to configure my application to use setNeedClientAuth (from SslContextFactory). I wish to have a client certificate authentication mechanism within my application.

I am running Jetty in embedded mode (with no XML configuration).

My code for configuring the SslContextFactory is as follows:

    public class SSLContext extends SslContextFactory {

        private final ServerCertificateKeyStore certificateKeyStore = EngineInstanceCore
                .getServerCertificateKeyStore();

        private static SSLContext sslContext;

        private static CertificateKeyStore keyStore;
        private static CertificateKeyStore trustStore;

        // Lazily creates the key store, the trust store and the singleton factory.
        public static SSLContext getInstance() throws Exception {
            if (keyStore == null) keyStore = new CertificateKeyStore("keyStore", true, false);
            if (trustStore == null) trustStore = new CertificateKeyStore("trustStore", true, true);
            if (sslContext == null) sslContext = new SSLContext();

            return sslContext;
        }

        protected SSLContext() throws Exception {
            // The server certificate is loaded from this key store path.
            super(keyStore.getKeyStoreFilePath().toString());
            init();
        }

        private void init() {
            // Key store settings (the provider name is read from trustStore here).
            setKeyStorePassword(new String(keyStore.getKeyStorePassword()));
            setKeyStoreType(keyStore.getKeyStore().getType());
            setKeyStoreProvider(trustStore.getKeyStore().getProvider().getName());

            // Trust store settings, used to validate client certificates.
            setTrustStorePath(trustStore.getKeyStoreFilePath().toString());
            setTrustStore(trustStore.getKeyStore());
            setTrustStorePassword(new String(trustStore.getKeyStorePassword()));
            setTrustStoreType(trustStore.getKeyStore().getType());
            setTrustStoreProvider(trustStore.getKeyStore().getProvider().getName());

            // Require a client certificate during the TLS handshake.
            setNeedClientAuth(true);

            // Also publish both stores as JVM-wide defaults.
            System.setProperty("javax.net.ssl.keyStore", keyStore.getKeyStoreFilePath().toString());
            System.setProperty("javax.net.ssl.keyStorePassword", new String(keyStore.getKeyStorePassword()));
            System.setProperty("javax.net.ssl.trustStore", trustStore.getKeyStoreFilePath().toString());
            System.setProperty("javax.net.ssl.trustStorePassword", new String(trustStore.getKeyStorePassword()));
        }

    }

Using Chrome, with setNeedClientAuth = TRUE, when I browse to my site Chrome reports “SSL connection error” (“Error code: ERR_SSL_PROTOCOL_ERROR”). However, if I set setNeedClientAuth = FALSE, Chrome successfully browses to the requested URL and I can see that the certificate for the SSL connection is the certificate within the KEYSTORE defined by super(keyStore.getKeyStoreFilePath().toString());

Can anyone please assist with the above in determining why I cannot get setNeedClientAuth to work when set to TRUE?

Cheers,

Matthew
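
With client authentication required, a JSSE server asks the client for a certificate during the handshake and only accepts one that chains to an issuer in its trust store. The following diagnostic is an added example, not code from the original post or from Jetty: it lists the issuers a given trust store makes acceptable. The class name `ClientAuthTrustCheck` and the command-line arguments (path, password, optional store type) are assumptions; with no arguments it inspects the JVM default trust store.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added diagnostic (hypothetical class name): lists the issuers a JSSE server
// would accept for client certificates from a given trust store.
public class ClientAuthTrustCheck {

    // Returns the subject DNs of every certificate the trust store makes acceptable.
    static List<String> acceptedIssuers(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore); // null means "use the JVM default trust store"
        List<String> names = new ArrayList<>();
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    names.add(ca.getSubjectX500Principal().getName());
                }
            }
        }
        return names;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = null; // stays null when no store is given on the command line
        if (args.length >= 2) {
            ks = KeyStore.getInstance(args.length > 2 ? args[2] : KeyStore.getDefaultType());
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, args[1].toCharArray());
            }
        }
        List<String> issuers = acceptedIssuers(ks);
        if (issuers.isEmpty()) {
            System.out.println("No accepted issuers: no client certificate can validate.");
        }
        for (String dn : issuers) {
            System.out.println("accepts client certs issued by: " + dn);
        }
    }
}
```

The browser must hold a certificate with its private key whose chain ends at one of the printed issuers; compare the output against the issuer of the certificate installed in the client.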

