0 Replies Latest reply on Feb 12, 2014 3:25 PM by jorgen.nilsson

    Is it possible to configure JBoss to request a client certificate without verifying it?

    jorgen.nilsson Newbie

      Hi

       

      I am trying to configure JBoss for mutual TLS authentication and for various reasons I cannot place the client certificates or the ca authority in the truststore file.

      My https connector in standalone.xml configuration looks something like this:

       

                  <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https">
                      <ssl name="ssl" key-alias="1" password="abc" certificate-key-file="[path]/keystore.p12" protocol="TLSv1" verify-client="want" keystore-type="PKCS12"/>
                  </connector>
      

       

      Note that I have not specified a ca-certificate-file here as I do not want JBoss to verify the certificate.

       

      But I do want JBoss to request a certificate from the client during the TLS handshake and the only way I have found to do so is to specity "want" or "true" for [verify-client].

      But when I do that, it seems that JBoss requires me to include the certificate in the ca-certificate-file.

      I would like to perform the certificate validation from the application later on and have JBoss not care about the certificate.

       

      Does anyone know if there is anyway to achieve what I want?

       

      Thanks in advance.