users@glassfish.java.net

SSL client authentication problem

From: <glassfish_at_javadesktop.org>
Date: Wed, 17 Dec 2008 05:27:00 PST

Hi, (please forgive my bad English)

Configuration:
Glassfish v2 (cluster profile) JVM 1.5
OS (same problem with Ubuntu, Windows XP and Solaris 9)

My problem is this:
I am trying to activate mutual authentication (client authentication).

My SSL configuration:

I have a server certificate signed by a trusted local authority.
I imported the public key of the authority that signed the certificate into cacerts and the keystore.
I imported the server certificate signed by the local authority into the keystore.

I set the Certificate NickName in http-listener-2 (enabling SSL v3 and TLS, of course).

I back up, stop and restart the domain.

I test with IE at https://mybox:38181; the SSL handshake goes well and I can see the default index page.
IE pops up the warning message (it doesn't know the root authority that signed the certificate sent by GF); this is normal. I installed the public key of my local root authority, which solved the warning alert.

So far so good; the problem starts when I want to activate mutual authentication (server/client).

So:

I create a client certificate on my machine.
I sign this certificate with my local authority (the same one that signed my server certificate).
I export the client certificate in PKCS12 format so I can install it in the browser.
Everything is going well ...

I set GlassFish to request client authentication from the administration console
(Client Authentication: enabled in http-listener-2).

I back up and restart the domain.
I install the client certificate in my browser and try https://mybox:38181.
The browser does not open the certificate store to choose a client certificate (it seems that the server behaves like one-way SSL authentication).

I configured the logs at FINEST (the most detailed possible), but nothing happened.

Is there something wrong with my configuration?

Thank you for your help
[Message sent by forum member 'hachicha' (hachicha)]

http://forums.java.net/jive/thread.jspa?messageID=322116
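A client-side probe that tells whether the server really sent a TLS CertificateRequest, added here as an example; it is not part of the original post or of GlassFish. It assumes the client PKCS12 exported above is saved as client.p12, that a JKS truststore truststore.jks holds the local CA, one password for both files, and a JDK on the client side; JSSE only calls chooseClientAlias after the server's CertificateRequest arrives, so the wrapper records that call and the CA names the server advertises.

```java
import java.io.FileInputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Usage: java ClientAuthProbe mybox 38181 <password>
public class ClientAuthProbe {
    // JSSE asks this key manager for a client alias only after the server's
    // CertificateRequest arrives, so the call itself proves client auth was requested.
    static final class RecordingKeyManager implements X509KeyManager {
        final X509KeyManager inner;
        volatile boolean requested;
        volatile Principal[] issuers;           // CA names the server says it accepts
        RecordingKeyManager(X509KeyManager inner) { this.inner = inner; }
        public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket s) {
            requested = true; this.issuers = issuers;
            return inner.chooseClientAlias(keyType, issuers, s);
        }
        public String chooseServerAlias(String k, Principal[] i, Socket s) { return inner.chooseServerAlias(k, i, s); }
        public X509Certificate[] getCertificateChain(String a) { return inner.getCertificateChain(a); }
        public String[] getClientAliases(String k, Principal[] i) { return inner.getClientAliases(k, i); }
        public PrivateKey getPrivateKey(String a) { return inner.getPrivateKey(a); }
        public String[] getServerAliases(String k, Principal[] i) { return inner.getServerAliases(k, i); }
    }

    public static void main(String[] args) throws Exception {
        String host = args[0]; int port = Integer.parseInt(args[1]); char[] pw = args[2].toCharArray();
        KeyStore clientKs = KeyStore.getInstance("PKCS12");        // assumed file: client.p12 (exported above)
        clientKs.load(new FileInputStream("client.p12"), pw);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientKs, pw);
        RecordingKeyManager km = new RecordingKeyManager((X509KeyManager) kmf.getKeyManagers()[0]);
        KeyStore trustKs = KeyStore.getInstance("JKS");           // assumed file: truststore.jks with the local CA
        trustKs.load(new FileInputStream("truststore.jks"), pw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustKs);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] { km }, tmf.getTrustManagers(), null);
        SSLSocket sock = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        try { sock.startHandshake(); System.out.println("handshake OK: " + sock.getSession().getProtocol()); }
        catch (SSLException e) { System.out.println("handshake failed: " + e.getMessage()); }
        finally { sock.close(); }
        if (!km.requested) { System.out.println("no CertificateRequest seen: server is doing one-way SSL"); return; }
        System.out.println("server requested a client certificate; accepted issuers:");
        if (km.issuers != null) for (Principal p : km.issuers) System.out.println("  " + p);
    }
}
```

If the probe reports no CertificateRequest, the listener configuration (not the browser) is where to look; if it lists issuers that do not include the local CA, the server's truststore is missing that CA.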