[jetty-users] Choose Certificate dialog

Hi, I have configured my app to be secured by x509 certificates, but can't get the "choose certificate prompt" to be shown in the browser. This works out of the box in Tomcat.

In Tomcat the configuration looks like this:

   <Connector port="8081" protocol="HTTP/1.1" SSLEnabled="true"
                 maxThreads="150" scheme="https" secure="true"
                 clientAuth="want" sslProtocol="TLS" 
                 keystoreFile="keystore"
                 keystorePass="password" />


When going to the port I am prompted with an SSL renegotiation (asking what certificate I want to use).

Configuring the same thing in Jetty:

    <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
        <Set name="KeyStorePath">
            <Property name="jetty.keystore" default="keystore"/>
        </Set>
        <Set name="KeyStorePassword">
            <Property name="jetty.keystore.password" default="password"/>
        </Set>
        <Set name="NeedClientAuth">
            <Property name="jetty.ssl.needClientAuth" default="false"/>
        </Set>
        <Set name="WantClientAuth">
            <Property name="jetty.ssl.wantClientAuth" default="true"/>
        </Set>
        <Set name="EndpointIdentificationAlgorithm"/>

        <Set name="ExcludeCipherSuites">
            <Array type="String">
                <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
                <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
                <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
                <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
                <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
                <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
                <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
            </Array>
        </Set>

        <New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
            <Arg>
                <Ref refid="httpConfig"/>
            </Arg>
            <Call name="addCustomizer">
                <Arg>
                    <New class="org.eclipse.jetty.server.SecureRequestCustomizer"/>
                </Arg>
            </Call>
        </New>
    </New>


Gives me 403.


Please help me, Obi-wan-Kenobi, or else I'll have to use the Tomcat solution.

Regards, Espen
