1. Re: Manual prompting of Certificate (Wildfly 9)
ctomc Aug 12, 2015 6:23 AM (in response to drew_l_w)
As Darran said, certificates are only exchanged when establishing/negotiating the SSL connection.
However, you can configure your server and application to force re-negotiation of the SSL connection and request the certificate then.
In the undertow subsystem, on the https-listener, set verify-client="REQUESTED", not REQUIRED as you probably have now.
The next thing is to configure your application.
Add something along these lines to your web.xml:
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Everything</web-resource-name>
            <!-- url-pattern: the part of the application that should trigger the certificate request -->
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <!-- CONFIDENTIAL forces HTTPS, so the certificate request happens on the TLS connection -->
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <login-config>
        <!-- CLIENT-CERT makes the container ask for the client certificate on the constrained URLs -->
        <auth-method>CLIENT-CERT</auth-method>
    </login-config>

where url-pattern should be the part of your application path that requires a client certificate,
probably something like /protected/*.
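As an added example that is not part of ctomc's reply or of WildFly itself: once the https-listener runs with verify-client="REQUESTED" and the web.xml above is in place, the application still has to confirm that a certificate actually arrived, because REQUESTED (unlike REQUIRED) lets the handshake complete when the browser declines to send one. The servlet filter below reads the certificate chain through the standard javax.servlet.request.X509Certificate request attribute and fails closed when it is missing or not currently valid. The package name, filter class name, the /protected/* mapping and the example.clientCertSubject attribute are assumptions chosen for illustration.

```java
// Added example, not code from the original post or from WildFly.
// Assumes a Servlet 3.1 (WildFly 9 / Java EE 7) web application whose
// https-listener is configured with verify-client="REQUESTED" and whose
// web.xml uses <auth-method>CLIENT-CERT</auth-method>.
package example; // hypothetical package

import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Mapping assumed to match the url-pattern chosen in web.xml.
@WebFilter("/protected/*")
public class ClientCertCheckFilter implements Filter {

    // Standard Servlet attribute under which the container exposes the client
    // certificate chain negotiated on the TLS connection (leaf certificate first).
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    // Hypothetical attribute name used to pass the verified subject downstream.
    private static final String SUBJECT_ATTR = "example.clientCertSubject";

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        X509Certificate[] chainFromTls = (X509Certificate[]) request.getAttribute(CERT_ATTR);

        // With verify-client="REQUESTED" the handshake succeeds even when the
        // client sends no certificate, so the absence must be handled here.
        if (chainFromTls == null || chainFromTls.length == 0) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "client certificate required");
            return;
        }

        X509Certificate leaf = chainFromTls[0];
        try {
            // Reject expired or not-yet-valid certificates explicitly rather than
            // relying on the trust-store check alone.
            leaf.checkValidity();
        } catch (CertificateException e) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "client certificate not valid");
            return;
        }

        // Hand the subject DN to downstream servlets without re-parsing the chain.
        request.setAttribute(SUBJECT_ATTR, leaf.getSubjectX500Principal().getName());
        chain.doFilter(req, res);
    }

    @Override
    public void init(FilterConfig filterConfig) {
        // nothing to initialise
    }

    @Override
    public void destroy() {
        // nothing to release
    }
}
```

The filter only covers the URLs that the web.xml security constraint already routes over HTTPS; the trust decision (which CA issued the certificate) stays with the security realm referenced by the https-listener, and this check adds the presence and validity-window test that REQUESTED mode does not enforce on its own.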