Hi, I have configured my app to be secured by X.509 certificates, but can't
get the "choose certificate" prompt to be shown in the browser. This works
out of the box in Tomcat.

In Tomcat the configuration looks like this:

   <Connector port="8081" protocol="HTTP/1.1" SSLEnabled="true"
                 maxThreads="150" scheme="https" secure="true"
                 clientAuth="want" sslProtocol="TLS"
                 keystoreFile="keystore"
                 keystorePass="password" />


When going to that port I am prompted with an SSL renegotiation (asking what
certificate I want to use).

Configuring the same thing in Jetty

    <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
        <Set name="KeyStorePath">
            <Property name="jetty.keystore" default="keystore"/>
        </Set>
        <Set name="KeyStorePassword">
            <Property name="jetty.keystore.password" default="password"/>
        </Set>
        <Set name="NeedClientAuth">
            <Property name="jetty.ssl.needClientAuth" default="false"/>
        </Set>
        <Set name="WantClientAuth">
            <Property name="jetty.ssl.wantClientAuth" default="true"/>
        </Set>
        <Set name="EndpointIdentificationAlgorithm"/>

        <Set name="ExcludeCipherSuites">
            <Array type="String">
                <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
                <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
                <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
                <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
                <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
                <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
                <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
            </Array>
        </Set>

        <New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
            <Arg>
                <Ref refid="httpConfig"/>
            </Arg>
            <Call name="addCustomizer">
                <Arg>
                    <New class="org.eclipse.jetty.server.SecureRequestCustomizer"/>
                </Arg>
            </Call>
        </New>
    </New>


Gives me 403..


Please help me, Obi-Wan Kenobi, or else I'll have to use the Tomcat
solution.

Regards, Espen