users@glassfish.java.net

Re: Client certificate authentication problem (still not solved?)

From: <glassfish_at_javadesktop.org>
Date: Thu, 10 Jul 2008 00:53:55 PDT

> Basically, I was trying the client cert auth example
> in your blog (please see link above), and configured
> web.xml, sun-web.xml and domain.xml as specified in
> your article, but it didn't work.
>
> I don't know what client cert the browser sends, how
> can I set that?
You need toe check your browser documentation. It will be different for different browsers.

For example Mozilla Edit-->preferences->Privacy & Security->certificates->Manage Certificates

And you will need to upload your client certificate over there. Usually the browsers accept a PKCS12 (.pfx) file which contains your client certificate and keypair.

> Is it the cacert the client gets
> from SSL hand shaking?
No it not that. Since you want Client Certificate Authentication you need to have your own client cert.

 If you have not configured one in the browser then as you said you will see a failure .

However if you are not interested in authenticating the client cert but just do SSL authentication then disable the Client Cert Authentication.

If you want a sample .pfx file which you can install in your browser, i can send you one.
[Message sent by forum member 'kumarjayanti' (kumarjayanti)]

http://forums.java.net/jive/thread.jspa?messageID=285585