I hope someone can help me with the following question:
How can I tell Glassfish to accept only client certificates which are signed with a particular root certificate?
I have activated "client authentication" on my HTTPS listener, and my browser does indeed now ask me to select a certificate, but Glassfish appears to be accepting *any* client certificate (I happen to have a Thawte personal email certificate installed as well).
I want Glassfish to accept only certificates that are signed with my own self-signed root certificate (which I have already imported into cacerts.jks). How can I get Glassfish to do this?
The reason is that I want to use the certificate only to identify the client machine as trusted; the user still has to log in with a userid and password. If Glassfish does not support this, how can I best achieve that only trusted machines can connect?
[Message sent by forum member 'pepijn_schmitz' (pepijn_schmitz)]
http://forums.java.net/jive/thread.jspa?messageID=296146