Win a copy of The Way of the Web Tester: A Beginner's Guide to Automating Tests this week in the Testing forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Client-cert authentication

Greg Charles
Posts: 2994
Firefox Browser IntelliJ IDE Java Mac Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm having trouble configuring client certificate authentication. I don't really expect to get an answer here, but any pointers would really help me.

I followed the instructions in Peter's book (JBoss in Action) to enable client certificate access to the JMX console. It's not a simple process, so I won't go into here, but where I'm confused is the server.xml contains:

but I also have to define an mbean like:

So why do I have to point at the server.truststore file from two places, and why is it called a truststore in the connector definition, but a keystore in the security domain definition?

The reason that's a problem for me is that I have a requirement to encrypt the keystore password, which I did following the instructions here. However, that involves defining PBESecurityDomain as a separate mbean like:

and then use that security domain in the connector definition (server.xml) in place of the keystorefile and keystorepass attributes. When I did that though, and still put truststorefile and truststorepass in server.xml, I can't get the client certificate access to work. The logged error is something line "Null certificate in chain."

Just to make it harder, I'm stuck using JBoss 4.2.3.

  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic