Hello,

I've got some more information.  I set my log levels to debug to find the 
differences between the two instances and here's what I came up with.

from my workstation (successful)

  | 08:51:23,125 DEBUG [JSSE14Support] Cert #0 = [
  | [
  |   Version: V1
  |   Subject: CN=CO CSE Client, OU=Child Support Enforcement, O=State of 
Colorado, L=Denver, ST=CO, C=US
  |   Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  | 
  |   Key:  SunJSSE RSA public key:
  |   public exponent:
  |     010001
  |   modulus:
  |     c3e2f08a 900ecfb9 3703f44b 2a65201d 0a1a54c7 2b5cac75 c7461763 3792c211
  |     e9d62af9 9aadb282 7149556f 2520f3a3 f9f4466d 8f344820 0d0c8b15 af2d377b
  |     9d729a2c 8018815e b734bec0 e4960567 ce315272 88252d1c e79c72b3 ad46e26b
  |     4c82c81f 6a3998da b8cfbbc3 ed14d649 8dbb6d74 9b36b1be 1f48ad61 151ebcb7
  |   Validity: [From: Tue Nov 02 09:39:28 MST 2004,
  |                To: Mon Jan 31 09:39:28 MST 2005]
  |   Issuer: CN=CO CSE Client, OU=Child Support Enforcement, O=State of 
Colorado, L=Denver, ST=CO, C=US
  |   SerialNumber: [    4187b840]
  | 
  | ]
  |   Algorithm: [MD5withRSA]
  |   Signature:
  | 0000: 1D FE 8C 38 E6 1A 07 2D   53 B0 7F F8 F1 DE CF C4  ...8...-S.......
  | 0010: C6 02 F6 7F 6B 48 A1 A5   AF 5C 51 1C 47 37 76 01  ....kH...\Q.G7v.
  | 0020: 77 E5 EC 8A 97 83 64 AE   7C 48 EA BA 25 33 4A 3E  w.....d..H..%3J>
  | 0030: 79 24 5D 00 E7 ED 73 E0   7F 29 A5 57 28 6D 52 D4  y$]...s..).W(mR.
  | 0040: 6C 38 6A 7E 11 94 E8 F1   B2 12 35 D8 61 78 A1 B2  l8j.......5.ax..
  | 0050: 44 9A 26 E7 EA 21 DC 0A   BC 09 88 87 A8 9A 7E 0B  D.&..!..........
  | 0060: A7 2C 7C FA 07 F2 6B 31   D0 95 A3 00 33 BA 16 7E  .,....k1....3...
  | 0070: 2D 1A 2C CA 2D 79 48 50   C8 F4 FD 08 E5 80 B5 2D  -.,.-yHP.......-
  | 
  | ]
  | 08:51:23,156 DEBUG [BaseCertLoginModule] securityDomain=java:/jaas/ws-cert
  | 08:51:23,156 DEBUG [BaseCertLoginModule] found domain: 
org.jboss.security.plugins.JaasSecurityDomain
  | 08:51:23,156 DEBUG [BaseCertLoginModule] exit: initialize(Subject, 
CallbackHandler, Map, Map)
  | 08:51:23,156 DEBUG [BaseCertLoginModule] enter: login()
  | 08:51:23,156 DEBUG [BaseCertLoginModule] enter: getAliasAndCert()
  | 08:51:23,156 DEBUG [BaseCertLoginModule] exit: getAliasAndCert()
  | 08:51:23,156 DEBUG [BaseCertLoginModule] enter: validateCredentail(String, 
X509Certificate)
  | 08:51:23,171 DEBUG [BaseCertLoginModule]
  |         Supplied Credential: 4187b840
  |                 CN=CO CSE Client, OU=Child Support Enforcement, O=State of 
Colorado, L=Denver, ST=CO, C=US
  | 
  |         Existing Credential: 4187b840
  |                 CN=CO CSE Client, OU=Child Support Enforcement, O=State of 
Colorado, L=Denver, ST=CO, C=US
  | 
  | 08:51:23,171 DEBUG [BaseCertLoginModule] The supplied certificate matched 
the certificate in the keystore.
  | 08:51:23,171 DEBUG [BaseCertLoginModule] exit: validateCredentail(String, 
X509Certificate)
  | 08:51:23,171 DEBUG [BaseCertLoginModule] exit: login()
  | 08:51:23,234 DEBUG [AuthenticatorBase] Authenticated 'CN=CO CSE Client, 
OU=Child Support Enforcement, O=State of Colorad
  | o, L=Denver, ST=CO, C=US' with type 'CLIENT-CERT'
  | 08:51:23,234 DEBUG [AuthenticatorBase]  Calling accessControl()
  | 08:51:23,234 DEBUG [RealmBase]   Checking roles GenericPrincipal[CN=CO CSE 
Client, OU=Child Support Enforcement, O=State
  |  of Colorado, L=Denver, ST=CO, C=US(W,)]
  | 08:51:23,234 DEBUG [RealmBase] Username CN=CO CSE Client, OU=Child Support 
Enforcement, O=State of Colorado, L=Denver, S
  | T=CO, C=US has role W
  | 08:51:23,234 DEBUG [AuthenticatorBase]  Successfully passed all security 
constraints
  | 

from the linux server (unsuccessful)

  | 2005-01-14 08:57:53,365 DEBUG 
[org.apache.tomcat.util.net.jsse.JSSE14Support] Cert #0 = [
  | [
  |   Version: V1
  |   Subject: CN=CO CSE Client, OU=Child Support Enforcement, O=State of 
Colorado, L=Denver, ST=CO, C=US
  |   Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  | 
  |   Key:  [EMAIL PROTECTED]
  |   Validity: [From: Tue Nov 02 09:39:28 MST 2004,
  |                To: Mon Jan 31 09:39:28 MST 2005]
  |   Issuer: CN=CO CSE Client, OU=Child Support Enforcement, O=State of 
Colorado, L=Denver, ST=CO, C=US
  |   SerialNumber: [    4187b840]
  | 
  | ]
  |   Algorithm: [MD5withRSA]
  |   Signature:
  | 0000: 1D FE 8C 38 E6 1A 07 2D   53 B0 7F F8 F1 DE CF C4  ...8...-S.......
  | 0010: C6 02 F6 7F 6B 48 A1 A5   AF 5C 51 1C 47 37 76 01  ....kH...\Q.G7v.
  | 0020: 77 E5 EC 8A 97 83 64 AE   7C 48 EA BA 25 33 4A 3E  w.....d..H..%3J>
  | 0030: 79 24 5D 00 E7 ED 73 E0   7F 29 A5 57 28 6D 52 D4  y$]...s..).W(mR.
  | 0040: 6C 38 6A 7E 11 94 E8 F1   B2 12 35 D8 61 78 A1 B2  l8j.......5.ax..
  | 0050: 44 9A 26 E7 EA 21 DC 0A   BC 09 88 87 A8 9A 7E 0B  D.&..!..........
  | 0060: A7 2C 7C FA 07 F2 6B 31   D0 95 A3 00 33 BA 16 7E  .,....k1....3...
  | 0070: 2D 1A 2C CA 2D 79 48 50   C8 F4 FD 08 E5 80 B5 2D  -.,.-yHP.......-
  | 
  | ]
  | 2005-01-14 08:57:53,387 DEBUG 
[org.jboss.security.auth.spi.BaseCertLoginModule] 
securityDomain=java:/jaas/ws-cert
  | 2005-01-14 08:57:53,388 DEBUG 
[org.jboss.security.auth.spi.BaseCertLoginModule] found domain: 
org.jboss.security.plugins.JaasSecurityDomain
  | 2005-01-14 08:57:53,388 DEBUG 
[org.jboss.security.auth.spi.BaseCertLoginModule] exit: initialize(Subject, 
CallbackHandler, Map, Map)
  | 2005-01-14 08:57:53,388 DEBUG 
[org.jboss.security.auth.spi.BaseCertLoginModule] enter: login()
  | 2005-01-14 08:57:53,388 DEBUG 
[org.jboss.security.auth.spi.BaseCertLoginModule] enter: getAliasAndCert()
  | 2005-01-14 08:57:53,390 DEBUG 
[org.jboss.security.auth.spi.BaseCertLoginModule] exit: getAliasAndCert()
  | 2005-01-14 08:57:53,390 DEBUG 
[org.jboss.security.auth.spi.BaseCertLoginModule] enter: 
validateCredentail(String, X509Certificate)
  | 2005-01-14 08:57:53,390 DEBUG 
[org.jboss.security.auth.spi.BaseCertLoginModule]
  |         Supplied Credential: 4187b840
  |                 CN=CO CSE Client, OU=Child Support Enforcement, O=State of 
Colorado, L=Denver, ST=CO, C=US
  | 
  |         Existing Credential: No match for alias: CN=CO CSE Client, OU=Child 
Support Enforcement, O=State of Colorado, L=Denver, ST=CO, C=US, we have 
aliases [root, az-client, jboss-server-dev, brian-client, mykey, 
ricardo-client, brian-client-2]
  | 2005-01-14 08:57:53,390 DEBUG 
[org.jboss.security.auth.spi.BaseCertLoginModule] The supplied certificate DID 
NOT match the certificate in the keystore.
  | 2005-01-14 08:57:53,390 DEBUG 
[org.jboss.security.auth.spi.BaseCertLoginModule] exit: 
validateCredentail(String, X509Certificate)
  | 2005-01-14 08:57:53,390 DEBUG 
[org.jboss.security.auth.spi.BaseCertLoginModule] Bad credential for 
alias=CN=CO CSE Client, OU=Child Support Enforcement, O=State of Colorado, 
L=Denver, ST=CO, C=US
  | 2005-01-14 08:57:53,402 DEBUG 
[org.jboss.security.auth.spi.UsersRolesLoginModule] Bad password for 
username=CN=CO CSE Client, OU=Child Support Enforcement, O=State of Colorado, 
L=Denver, ST=CO, C=US
  | 2005-01-14 08:57:53,403 DEBUG 
[org.apache.catalina.authenticator.AuthenticatorBase]  Failed authenticate() 
test
  | 

There are two things I see.  On my workstation there is more information given 
in the certificate data, even though the serial number and signature match.

Also, it looks like it's comparing the DN to the alias names.  I thought it was 
supposed to loop through the aliases and then match the DN to the DN attached 
to the alias.  

Any ideas of what is going on here?

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3862165#3862165
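
An added diagnostic, not part of the original post and not JBoss code: it loads a keystore and a client certificate file and reports both lookups the post contrasts, the subject DN used directly as an alias (what the "No match for alias" line suggests) and a search of every entry for the certificate itself. The class name `KeystoreAliasCheck` and the three command-line arguments are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical tool). Run it against the keystore on each machine:
//   java KeystoreAliasCheck <keystore-file> <store-password> <client-cert-file>
public class KeystoreAliasCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: KeystoreAliasCheck <keystore> <storepass> <cert-file>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        X509Certificate client;
        try (InputStream in = new FileInputStream(args[2])) {
            client = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        // getSubjectDN().getName() yields the "CN=..., OU=..." form seen in the logs.
        String dn = client.getSubjectDN().getName();
        System.out.println("Client subject DN : " + dn);
        System.out.println("Client serial     : " + client.getSerialNumber().toString(16));

        // Lookup 1: is there an entry whose alias is the subject DN itself?
        System.out.println("Alias equal to DN : " + ks.containsAlias(dn));

        // Lookup 2: which alias, if any, holds exactly this certificate?
        String holder = ks.getCertificateAlias(client);
        System.out.println("Alias holding cert: " + (holder == null ? "(none)" : holder));

        // List every alias with the subject of its certificate for comparison.
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            String subject = (c instanceof X509Certificate)
                    ? ((X509Certificate) c).getSubjectDN().getName()
                    : "(no X.509 certificate)";
            System.out.println("  " + alias + " -> " + subject);
        }
    }
}
```

If the second lookup finds the certificate under an alias such as one of those listed in the server log while the first lookup reports `false`, the certificate is present but stored under a name other than its DN.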
