4 Replies Latest reply on Oct 28, 2002 7:46 AM by shorero

CLIENT-CERT authantication in Jetty

tomasg Oct 15, 2002 7:37 AM

I've got CLIENT-CERT (SSL with client certificates) authaetication working nicely in Jboss3.x_Tomcat, but I'm having problems getting it to work in standard JBoss3.x_Jetty.

I configured Jetty for SSL in jbossweb.sar\META-INF\jboss-service.xml, but when I deploy my app I get NPException:

I guess the NP is a bug in Jetty? And I also think I need to configure Jetty to require client certificates somehow.
Does anyone know how to do this?

/Tomas

1. Re: CLIENT-CERT authantication in Jetty

shorero Oct 17, 2002 8:45 AM (in response to tomasg)

I've got the same problem. Any progress?
Actions
2. Re: CLIENT-CERT authantication in Jetty

tomasg Oct 22, 2002 8:31 AM (in response to tomasg)

Nope, though I can see several people have the same problem.
Actions
3. Re: CLIENT-CERT authantication in Jetty

shorero Oct 22, 2002 3:06 PM (in response to tomasg)

I posted a similar query on the jetty support mailing list run thru yahoo. The reply was words to the effect that the problem shouldn't happen (mine is a hang trying to establish the SSL session with client-cert authentication turned on). Anyway, I think we're going to have to hack into the Jetty code to get this to work. If I have time to make some progress, I'll let you know.
Actions
4. Re: CLIENT-CERT authantication in Jetty

shorero Oct 28, 2002 7:46 AM (in response to tomasg)

OK, the fix turns out to be sort of a duh... Simply add
true
to the SSL listener configuration in jboss-service.xml. That causes Jetty (probably JSSE, actually) to request the client certificate. However, you can't specify <auth-method>CLIENT-CERT</auth-method> in your web.xml file. That's going to require a JBoss code change. I'm trying to figure out just what to modify.
Actions

Go to original post