users@glassfish.java.net

Re: SSL client authentication problem

From: <glassfish_at_javadesktop.org>
Date: Thu, 18 Dec 2008 02:05:54 PST

Sometimes in browsers, if only a single client certificate is installed, the browser doesn't prompt the user to select a certificate and simply sends the lone installed client certificate to the server. This might mislead the user into thinking that the client certificate is not being requested by the server. Could you check the same scenario after installing one more certificate in your browser? When there are at least 2 certificates, the browser prompts for selection.

Another way to verify client-certificate requests is to enable ssl on in the server configuration. This could be done by adding this jvm-option to the existing jvm-options in <GF-ROOT>/domains/<domain>/config/domain.xml and restarting the server:

<jvm-options>-Djavax.net.debug=ssl</jvm-options>

This option prints the SSL transport between the server and the client, which is explained in this article:

http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#SSLOverview

In particular, the occurrence of (4) and (9) in the transport indicates that the client certificate is being requested for and sent respectively.

HTH,
Nithya
[Message sent by forum member 'nitkal' (nitkal)]

http://forums.java.net/jive/thread.jspa?messageID=322314
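
The check described in the message above, written as a small log classifier. This is an added example, not part of the original post or of GlassFish. It reads the output of -Djavax.net.debug=ssl for one handshake and reports whether the server requested a client certificate and whether the client sent one. It assumes the text layout of the older JSSE debug output ("*** CertificateRequest", "*** Certificate chain", "chain [n] = ..." lines); the sample log is constructed and abbreviated, and the function name is hypothetical.

```python
import re

# Constructed, abbreviated sample of -Djavax.net.debug=ssl output.
# Marker strings follow the older JSSE text layout (an assumption).
SAMPLE_LOG = """\
*** ClientHello, TLSv1
*** ServerHello, TLSv1
*** Certificate chain
chain [0] = [ Subject: CN=server.example.test ]
***
*** CertificateRequest
Cert Types: RSA, DSS
*** ServerHelloDone
*** Certificate chain
chain [0] = [ Subject: CN=alice ]
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
*** CertificateVerify
*** Finished
"""

MSG = re.compile(r"^\*\*\* (\w+)")  # start of a handshake message dump

def client_auth_status(log_text):
    """Classify one handshake: was a client cert requested, sent, verified?"""
    requested = verified = False
    client_chain_len = None  # stays None until a Certificate follows the request
    counting = False         # True while inside the client's Certificate dump
    for line in log_text.splitlines():
        m = MSG.match(line)
        if m:
            name = m.group(1)
            counting = False
            if name == "CertificateRequest":
                requested = True
            elif name == "Certificate" and requested:
                client_chain_len, counting = 0, True
            elif name == "CertificateVerify":
                verified = True
        elif counting and line.startswith("chain ["):
            client_chain_len += 1
    if not requested:
        return "not requested"
    if not client_chain_len:
        return "requested, no client certificate sent"
    return "requested, certificate sent" + (" and verified" if verified else "")
```

A result of "requested, no client certificate sent" separates a browser that had no matching certificate from a server that never asked, which the browser prompt alone cannot show.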