users@glassfish.java.net

Glassfish Mutual Certificate Validation Problem

From: CE <ebay_at_surfdivision.de>
Date: Thu, 22 May 2008 03:01:06 -0700 (PDT)

Hi all!

We are using Glassfish to serve a secure Webservice to WCF Clients. The
Service is secured by Mutual Certificate Authentication + Secure
Conversation. Everything worked fine (with Metro Release 1.1 from December
19, 2007) until we had to upgrade the metro webservice stack to the new
version (metro release 1.2 from May 2, 2008) due to a Class-Cast-Bug which
prevented the secured transmission of Exceptions.

With the new version it seems that somehow the validation of the client
certificate is bypassed, because we can connect with any X509Certificate, no
matter if it's present in the server truststore (cacerts.jks) or not.

If I connect with a certificate that has an invalid expiration date, an
exception is thrown. It looks like some validation routines are
called, but the validation of the certificate trust path is bypassed.

Or am I missing some new configuration options?

I have attached our wsit xml configuration ....

Thanks in advance
Chris

http://www.nabble.com/file/p17401112/wsit-onkonet.server.wslayer.praxisservice.PraxisWS.xml