Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-646

Unable to setup CLIENT_CERT authentication with elytron.

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Blocker Blocker
    • None
    • None
    • SSL
    • None

      Following Zach's notes on How to setup 2 way TLS I am unable to setup it properly. User is not requested by browser for specifying client certificate and get access to application without certificate.

      In log you there is:
      1. Server send request for certificate

      ^[[0m^[[0m13:55:33,309 INFO  [stdout] (default task-1) *** CertificateRequest
^[[0m^[[0m13:55:33,309 INFO  [stdout] (default task-1) Cert Types: RSA, DSS, ECDSA
^[[0m^[[0m13:55:33,309 INFO  [stdout] (default task-1) Cert Authorities:
^[[0m^[[0m13:55:33,310 INFO  [stdout] (default task-1) <CN=client>

      2. And client responds with empty certificate chain. Without asking for certificate

      ^[[0m^[[0m13:55:33,432 INFO  [stdout] (default task-2) *** Certificate chain
^[[0m^[[0m13:55:33,432 INFO  [stdout] (default task-2) <Empty>
^[[0m^[[0m13:55:33,432 INFO  [stdout] (default task-2) ***

      I am attaching:

      • server.log - server log with -Djavax.net.debug=all turn on.
      • 2wayTLS.pcap - wireshark recording of port 8443
      • secured-app - tested application

            jkalina@redhat.com Jan Kalina (Inactive)
            mchoma@redhat.com Martin Choma
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: