0 Replies Latest reply on Feb 12, 2014 3:25 PM by jorgen.nilsson

    Is it possible to configure JBoss to request a client certificate without verifying it?

    jorgen.nilsson Newbie



      I am trying to configure JBoss for mutual TLS authentication and for various reasons I cannot place the client certificates or the CA authority in the truststore file.

      My https connector in standalone.xml configuration looks something like this:


                  <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https">
                      <ssl name="ssl" key-alias="1" password="abc" certificate-key-file="[path]/keystore.p12" protocol="TLSv1" verify-client="want" keystore-type="PKCS12"/>
                  </connector>


      Note that I have not specified a ca-certificate-file here as I do not want JBoss to verify the certificate.


      But I do want JBoss to request a certificate from the client during the TLS handshake and the only way I have found to do so is to specify "want" or "true" for [verify-client].

      But when I do that, it seems that JBoss requires me to include the certificate in the ca-certificate-file.

      I would like to perform the certificate validation from the application later on and have JBoss not care about the certificate.


      Does anyone know if there is any way to achieve what I want?


      Thanks in advance.