Re: [jetty-users] How to configure client certificate for mutual SSL auth with Jetty?

Tue, 06 Jan 2015 00:32:31 -0800

I use the same way (request.getAttribute("javax.servlet.request.X509Certificate")) in a project of mine without any problem. And yes, the TLS/Cert stufff happens on a different layer the http-layer normaly has no knowlede of this and it works kompletely transparent to the application side wheater TLS/ClientAuth is used. 

Am 05.01.2015 19:56, schrieb Wenlong Dong:
BTW, what is the best way to retrieve the client-cert from the server-side please? I did the following. Is it the best way? protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { X509Certificate[] certs = (X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate"); Somehow request.getAuthType() returns null. Is it because authType is only set at HTTP layer but not TLS layer? Thanks! 


On Mon, Jan 5, 2015 at 12:11 AM, Wenlong Dong <[email protected] 
<mailto:[email protected]>> wrote:


    Christoph, thanks a lot for the quick reply! After enabling SSL
    debugging, I figured it out today. I also needed to call
    setTrustStorePath/setTrustStorePassword. Now it works fine.

    On Mon, Jan 5, 2015 at 12:01 AM, Christoph Läubrich
    <[email protected] <mailto:[email protected]>> wrote:

        Can you show the whole stack trace? I suspect that your server
        does not trust the client cert. In that case the SSL
        connection fails. So you need to export the public certificate
        from your clients key store, import it in a (server)
        truststore and pass this to the context factory as a trust store.
        _______________________________________________
        jetty-users mailing list
        [email protected] <mailto:[email protected]>
        To change your delivery options, retrieve your password, or
        unsubscribe from this list, visit
        https://dev.eclipse.org/mailman/listinfo/jetty-users




_______________________________________________
jetty-users mailing list
[email protected]
To change your delivery options, retrieve your password, or unsubscribe from 
this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users



_______________________________________________
jetty-users mailing list
[email protected]
To change your delivery options, retrieve your password, or unsubscribe from 
this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users





















					Reply via email to