Thanks for the reply.
My web.xml:
<security-constraint>
    <display-name>Constraint1</display-name>
    <web-resource-collection>
        <web-resource-name>secure resource</web-resource-name>
        <description/>
        <url-pattern>/secure/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>HEAD</http-method>
        <http-method>PUT</http-method>
        <http-method>OPTIONS</http-method>
        <http-method>TRACE</http-method>
        <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
        <description/>
        <role-name>authorized</role-name>
    </auth-constraint>
    <user-data-constraint>
        <description/>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <auth-method>CLIENT-CERT</auth-method>
</login-config>
<security-role>
    <description/>
    <role-name>authorized</role-name>
</security-role>
and a piece of sun-web.xml:
<security-role-mapping>
    <role-name>authorized</role-name>
    <group-name>authorized</group-name>
</security-role-mapping>
where "authorized" is the group of the certificate realm in GlassFish.
I have enabled SSL debug in GlassFish, and these are the last lines that might be of interest in the GlassFish log:
[#|2008-02-12T18:05:21.912+0200|INFO|sun-appserver9.1|javax.enterprise.system.stream.out|_ThreadID=17;_ThreadName=httpSSLWorkerThread-8181-1;|
***|#]
[#|2008-02-12T18:05:21.912+0200|INFO|sun-appserver9.1|javax.enterprise.system.stream.out|_ThreadID=17;_ThreadName=httpSSLWorkerThread-8181-1;|
httpSSLWorkerThread-8181-1, fatal error: 46: General SSLEngine problem
java.security.cert.CertificateException: Certificate contains unsupported critical extensions: [2.5.29.17]|#]
[#|2008-02-12T18:05:21.912+0200|INFO|sun-appserver9.1|javax.enterprise.system.stream.out|_ThreadID=17;_ThreadName=httpSSLWorkerThread-8181-1;|
%% Invalidated: [Session-5, SSL_RSA_WITH_RC4_128_MD5]|#]
[#|2008-02-12T18:05:21.912+0200|INFO|sun-appserver9.1|javax.enterprise.system.stream.out|_ThreadID=17;_ThreadName=httpSSLWorkerThread-8181-1;|
httpSSLWorkerThread-8181-1|#]
[#|2008-02-12T18:05:21.912+0200|INFO|sun-appserver9.1|javax.enterprise.system.stream.out|_ThreadID=17;_ThreadName=httpSSLWorkerThread-8181-1;|, SEND TLSv1 ALERT: |#]
[#|2008-02-12T18:05:21.912+0200|INFO|sun-appserver9.1|javax.enterprise.system.stream.out|_ThreadID=17;_ThreadName=httpSSLWorkerThread-8181-1;|fatal, |#]
[#|2008-02-12T18:05:21.912+0200|INFO|sun-appserver9.1|javax.enterprise.system.stream.out|_ThreadID=17;_ThreadName=httpSSLWorkerThread-8181-1;|description = certificate_unknown|#]
[#|2008-02-12T18:05:21.912+0200|INFO|sun-appserver9.1|javax.enterprise.system.stream.out|_ThreadID=17;_ThreadName=httpSSLWorkerThread-8181-1;|
httpSSLWorkerThread-8181-1, WRITE: TLSv1 Alert, length = 18|#]
[#|2008-02-12T18:05:21.912+0200|INFO|sun-appserver9.1|javax.enterprise.system.stream.out|_ThreadID=17;_ThreadName=httpSSLWorkerThread-8181-1;|
httpSSLWorkerThread-8181-1, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: General SSLEngine problem|#]
It might be a certificate problem - I tried to import the CA certificate chain from
http://info.e-me.lv/en/dokumenti/LPproductionchain2.p7b but got a keytool exception, so I had to import all 3 certificates manually.
[Message sent by forum member 'lmx' (lmx)]
http://forums.java.net/jive/thread.jspa?messageID=258664
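
The SSL debug output quoted in the post is split across several GlassFish log records, so the rejected extension and the TLS alert sit in different records. The sketch below is an added example, not part of the original post or of GlassFish: it rejoins the records per worker thread and reports both. OID 2.5.29.17 is subjectAltName. The function name `triage` and the OID name table are assumptions made for illustration, and the sample input is a subset of the records shown in the post.

```python
import re

# Standard X.509 extension OIDs from RFC 5280 (table added for this example).
EXT_NAMES = {"2.5.29.15": "keyUsage", "2.5.29.17": "subjectAltName",
             "2.5.29.19": "basicConstraints", "2.5.29.32": "certificatePolicies",
             "2.5.29.37": "extKeyUsage"}

# Record layout: [#|timestamp|level|product|logger|key=value;...|message|#]
RECORD = re.compile(r"\[#\|([^|]*)\|([^|]*)\|([^|]*)\|([^|]*)\|([^|]*)\|(.*?)\|#\]", re.S)
THREAD = re.compile(r"_ThreadName=([^;]*);")
CRITICAL = re.compile(r"unsupported critical extensions: \[([^\]]*)\]")
ALERT = re.compile(r"SEND (\S+) ALERT:\s*(\w+),\s*description = (\w+)")

# Sample input: a subset of the records quoted in the post, rebuilt from a shared prefix.
_P = ("[#|2008-02-12T18:05:21.912+0200|INFO|sun-appserver9.1|"
      "javax.enterprise.system.stream.out|"
      "_ThreadID=17;_ThreadName=httpSSLWorkerThread-8181-1;|")
SAMPLE_LOG = "\n".join([
    _P + "\nhttpSSLWorkerThread-8181-1, fatal error: 46: General SSLEngine problem\n"
    "java.security.cert.CertificateException: Certificate contains unsupported "
    "critical extensions: [2.5.29.17]|#]",
    _P + "\nhttpSSLWorkerThread-8181-1|#]",
    _P + ", SEND TLSv1 ALERT: |#]",
    _P + "fatal, |#]",
    _P + "description = certificate_unknown|#]",
])

def triage(log_text):
    """Rejoin the SSL debug text per worker thread, then extract the failure details."""
    streams = {}
    for rec in RECORD.finditer(log_text):
        if rec.group(4) != "javax.enterprise.system.stream.out":
            continue  # the debug trace arrives via captured System.out
        thread = THREAD.search(rec.group(5))
        name = thread.group(1) if thread else "unknown"
        streams[name] = streams.get(name, "") + rec.group(6)
    findings = []
    for name, text in streams.items():
        oids = [o.strip() for found in CRITICAL.findall(text)
                for o in found.split(",") if o.strip()]
        alert = ALERT.search(text)
        if oids or alert:
            findings.append({
                "thread": name,
                "critical_extensions": [(o, EXT_NAMES.get(o, "unrecognised")) for o in oids],
                "alert": alert.groups() if alert else None,
            })
    return findings
```

Calling `triage(SAMPLE_LOG)` returns one finding per worker thread, pairing each critical extension OID the validator rejected with the alert the server sent back.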