0 Replies Latest reply on Feb 12, 2014 3:25 PM by jorgen.nilsson

    Is it possible to configure JBoss to request a client certificate without verifying it?

    jorgen.nilsson

      Hi

       

      I am trying to configure JBoss for mutual TLS authentication and for various reasons I cannot place the client certificates or the CA authority in the truststore file.

      My https connector in standalone.xml configuration looks something like this:

       

                  <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https">
                      <ssl name="ssl" key-alias="1" password="abc" certificate-key-file="[path]/keystore.p12" protocol="TLSv1" verify-client="want" keystore-type="PKCS12"/>
                  </connector>
      

       

      Note that I have not specified a ca-certificate-file here as I do not want JBoss to verify the certificate.

       

      But I do want JBoss to request a certificate from the client during the TLS handshake and the only way I have found to do so is to specify "want" or "true" for [verify-client].

      But when I do that, it seems that JBoss requires me to include the certificate in the ca-certificate-file.

      I would like to perform the certificate validation from the application later on and have JBoss not care about the certificate.

       

      Does anyone know if there is any way to achieve what I want?

       

      Thanks in advance.
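
An added example (not part of the original post, and not JBoss code) of the application-side check the post describes wanting: it reads the client chain from the standard Servlet request attribute and validates it with PKIX against CA certificates the application manages itself. It assumes the connector has already passed the chain through to the application, which is the part the post leaves open; the class name `ClientCertCheck` and the `appCaCerts` parameter are hypothetical.

```java
import java.security.GeneralSecurityException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;

/** Hypothetical helper: validates the TLS client certificate inside the application. */
public final class ClientCertCheck {
    // Standard Servlet attribute under which the container exposes the client chain.
    private static final String CHAIN_ATTR = "javax.servlet.request.X509Certificate";
    private static final String EKU_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth
    private final Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();

    /** appCaCerts: CA certificates managed by the application itself (assumption). */
    public ClientCertCheck(Collection<X509Certificate> appCaCerts) {
        for (X509Certificate ca : appCaCerts) {
            anchors.add(new TrustAnchor(ca, null));
        }
    }

    /** Returns the validated leaf certificate; throws if it is missing or untrusted. */
    public X509Certificate requireValid(HttpServletRequest req) throws GeneralSecurityException {
        X509Certificate[] chain = (X509Certificate[]) req.getAttribute(CHAIN_ATTR);
        // Fail closed: with verify-client="want" a client may complete the handshake without a certificate.
        if (chain == null || chain.length == 0) {
            throw new CertificateException("no client certificate presented");
        }
        List<X509Certificate> certs = Arrays.asList(chain); // leaf certificate first
        CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(certs);
        PKIXParameters params = new PKIXParameters(anchors); // throws if anchors is empty
        // No CRL/OCSP source is configured in this example; supply one and enable this in production.
        params.setRevocationEnabled(false);
        CertPathValidator.getInstance("PKIX").validate(path, params); // signatures, validity, constraints
        List<String> eku = chain[0].getExtendedKeyUsage();
        if (eku != null && !eku.contains(EKU_CLIENT_AUTH)) {
            throw new CertificateException("certificate is not issued for TLS client authentication");
        }
        return chain[0];
    }
}
```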