Hi
I am trying to configure JBoss for mutual TLS authentication and, for various reasons, I cannot place the client certificates or the CA authority in the truststore file.
My https connector in standalone.xml configuration looks something like this:
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https">
    <ssl name="ssl"
         key-alias="1"
         password="abc"
         certificate-key-file="[path]/keystore.p12"
         protocol="TLSv1"
         verify-client="want"
         keystore-type="PKCS12"/>
</connector>
Note that I have not specified a ca-certificate-file here as I do not want JBoss to verify the certificate.
But I do want JBoss to request a certificate from the client during the TLS handshake, and the only way I have found to do so is to specify "want" or "true" for [verify-client].
But when I do that, it seems that JBoss requires me to include the certificate in the ca-certificate-file.
I would like to perform the certificate validation from the application later on and have JBoss not care about the certificate.
Does anyone know if there is any way to achieve what I want?
Thanks in advance.