Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Client-cert authentication

 
Greg Charles
Sheriff
Posts: 2993
12
Firefox Browser IntelliJ IDE Java Mac Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm having trouble configuring client certificate authentication. I don't really expect to get an answer here, but any pointers would really help me.

I followed the instructions in Peter's book (JBoss in Action) to enable client certificate access to the JMX console. It's not a simple process, so I won't go into here, but where I'm confused is the server.xml contains:




but I also have to define an mbean like:



So why do I have to point at the server.truststore file from two places, and why is it called a truststore in the connector definition, but a keystore in the security domain definition?

The reason that's a problem for me is that I have a requirement to encrypt the keystore password, which I did following the instructions here. However, that involves defining PBESecurityDomain as a separate mbean like:



and then use that security domain in the connector definition (server.xml) in place of the keystorefile and keystorepass attributes. When I did that though, and still put truststorefile and truststorepass in server.xml, I can't get the client certificate access to work. The logged error is something line "Null certificate in chain."

Just to make it harder, I'm stuck using JBoss 4.2.3.

 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic