1 Reply Latest reply on Aug 12, 2015 6:23 AM by Tomaz Cerar

    Manual prompting of Certificate (Wildfly 9)

    Drew Wharton Newbie



      I am attempting to implement login logic that includes the ability to submit an X509Certificate as your credential for login. The issue I'm running into is that with my current configuration in the standalone.xml I am receiving certificate prompts whenever I enter an https address rather than the desired behavior, which is when a user clicks a button. Is there any way for me to configure the server to only allow prompting when I request the certificate(s) in a servlet?


      My current configuration contains a security-realm with a keystore and truststore specified, a security-domain with the jsse tag specified for the keystore and truststore, and an https-listener configured to use the security-realm mentioned prior.


      Thanks for your time.

        • 1. Re: Manual prompting of Certificate (Wildfly 9)
          Tomaz Cerar Master

          As Darran said, certificates are only exchanged on establishing/negotiation of the SSL connection.


          However, you can configure your server and application to force re-negotiation of the SSL connection with a request for the certificate.


          In the undertow subsystem, on the https-listener, set verify-client="REQUESTED", not REQUIRED as you probably have now.

          The next thing is to configure your application.

          To your web.xml add something along these lines:




          where url-pattern should be the part of your application path that requires a client certificate,

          probably something like /protected/*
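
The setup described in the reply above, as an added example that is not the snippet from the original post: a web.xml that limits certificate authentication to /protected/* through a security constraint and the standard CLIENT-CERT auth method. The role name cert-user and the resource name cert-login are hypothetical; how a certificate maps to that role depends on the security-domain the application uses.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- WEB-INF/web.xml: added example. The https-listener is assumed to be
     set to verify-client="REQUESTED" in the undertow subsystem, so the
     initial TLS handshake does not insist on a certificate. -->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                             http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">

    <!-- Only requests under /protected/* go through certificate authentication. -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>cert-login</web-resource-name>
            <url-pattern>/protected/*</url-pattern>
        </web-resource-collection>
        <!-- cert-user is a hypothetical role; the caller must hold it. -->
        <auth-constraint>
            <role-name>cert-user</role-name>
        </auth-constraint>
        <!-- Refuse plain HTTP for the protected path. -->
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <!-- Standard Servlet auth method for X.509 client certificates. -->
    <login-config>
        <auth-method>CLIENT-CERT</auth-method>
    </login-config>

    <security-role>
        <role-name>cert-user</role-name>
    </security-role>
</web-app>
```

The login button would then link to a URL under /protected/. Renegotiation was removed in TLS 1.3 and is not permitted over HTTP/2, so this pattern depends on HTTP/1.1 over TLS 1.2 or earlier.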