I had to switch the idea and ssl terminates at jetty server. So I had to configure things like keystore etc. At the same time I've setup ssl configuration like keystore etc and link to the HttpConduit. Also added <sec:clientAuthenticayion required='true' want='true'/> But don't understand how these 2 configs are working together and I had an impression that cxf config is ignored Don't know how to proof that server requests for the client certificate
2017-06-23 23:11 GMT+02:00 Christian Schneider <[email protected]>: > If your client needs to call the nginx proxy instead of the service then > the proxy must provide all the server side ssl setup including the 2 way > ssl rules which client certs are allowed to connect. > > Christian > > 2017-06-23 15:30 GMT+02:00 Arek R. <[email protected]>: > > > 1. I've a requirement to implement 2 way ssl. I'm using > > JaxWsProxyFactoryBean, set TlsClientParams and manage to run a test via > > https. 1 way ssl is working. > > Now want to add a client certificate cause there's an error in the server > > log like 'client sent no required SSL certificate while reading client > > request headers' but cannot find any good example how to do it. Any hint > ? > > > > 2. If ssl terminates at nginx server am I able to recognize the client on > > the web server ? > > I guess no and in such case I should handle ssl at jetty/cxf level. > Please > > confirm. > > Or the only way is to sign the messages and then it doesn't matter where > > ssl is handled. > > > > > > -- > -- > Christian Schneider > http://www.liquid-reality.de > <https://owa.talend.com/owa/redir.aspx?C=3aa4083e0c744ae1ba52bd062c5a7e > 46&URL=http%3a%2f%2fwww.liquid-reality.de> > > Open Source Architect > http://www.talend.com > <https://owa.talend.com/owa/redir.aspx?C=3aa4083e0c744ae1ba52bd062c5a7e > 46&URL=http%3a%2f%2fwww.talend.com> >
