users@glassfish.java.net

Re: http client authentication

From: Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Mon, 25 May 2009 15:55:38 +0530

Enable SSL logs by setting the -Djavax.net.debug=all JVM option in GlassFish
and see; you may get a clue about what went wrong. Configure Firefox to
ask for your personal certificate every time rather than automatically
selecting one; that can give you a clue as to whether the client
certificate was requested or not and whether the right one was finally
sent by the Firefox SSL client.

Thanks.

glassfish_at_javadesktop.org wrote:
> I wish to make a servlet with mutual authentication through HTTPS.
>
> I make a test servlet.
> I configure the web.xml for CONFIDENTIAL transport etc. (see the web.xml above)
> I open the %glassfishhome%/domains/domain1/config/keystore.jks
> I make new key pair called testCN and save it.
> I open glassfish admin gui (HttpService → http-listener2 → SSL → change the certificate nickname using the nick name testCN) and enable client authentication
>
> I export "private key and certificates" in PKCS#12 format
> I import the exported file in firefox.
> Then I try to access the test servlet but it doesn't work (Firefox tells me that the connection was interrupted during the page loading)
>
> What's wrong?
> thanks
>
> P.S. I'm using the Portecle tool for keystore management.
>
> WEB.XML
>
> <?xml version="1.0" encoding="UTF-8"?>
> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
>     <session-config>
>         <session-timeout>
>             30
>         </session-timeout>
>     </session-config>
>     <welcome-file-list>
>         <welcome-file>index.jsp</welcome-file>
>     </welcome-file-list>
>     <security-constraint>
>         <display-name>Constraint1</display-name>
>         <web-resource-collection>
>             <web-resource-name>protectedResource</web-resource-name>
>             <description/>
>             <url-pattern>/*</url-pattern>
>             <http-method>GET</http-method>
>             <http-method>POST</http-method>
>             <http-method>HEAD</http-method>
>             <http-method>PUT</http-method>
>             <http-method>OPTIONS</http-method>
>             <http-method>TRACE</http-method>
>             <http-method>DELETE</http-method>
>         </web-resource-collection>
>         <auth-constraint>
>             <description/>
>             <role-name>authorized</role-name>
>         </auth-constraint>
>         <user-data-constraint>
>             <description/>
>             <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>         </user-data-constraint>
>     </security-constraint>
>     <login-config>
>         <auth-method>CLIENT-CERT</auth-method>
>     </login-config>
>     <security-role>
>         <description/>
>         <role-name>authorized</role-name>
>     </security-role>
> </web-app>
>
> SUN-WEB.XML
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Servlet 2.5//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
> <sun-web-app error-url="">
>     <context-root>/canc</context-root>
>     <security-role-mapping>
>         <role-name>authorized</role-name>
>         <principal-name>principal</principal-name>
>         <group-name>ggroup</group-name>
>     </security-role-mapping>
>     <class-loader delegate="true"/>
>     <jsp-config>
>         <property name="keepgenerated" value="true">
>             <description>Keep a copy of the generated servlet class' java code.</description>
>         </property>
>     </jsp-config>
> </sun-web-app>
> [Message sent by forum member 'peppeme' (peppeme)]
>
> http://forums.java.net/jive/thread.jspa?messageID=346401
>
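
The check suggested in the reply above (was a client certificate requested, and which one was sent) can also be made from a small Java client instead of Firefox. This is an added example, not part of the original thread or of GlassFish; the class name `ClientCertProbe`, the command-line arguments and the trust store placeholder are assumptions.

```java
import java.io.FileInputStream;
import java.net.Socket;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.*;

// Added diagnostic (hypothetical class name). Run from a terminal, for example:
//   java -Djavax.net.ssl.trustStore=<store-trusting-the-server> ClientCertProbe <host> <port> <client.p12>
public class ClientCertProbe {
    static boolean requested = false;

    public static void main(String[] args) throws Exception {
        char[] pw = System.console().readPassword("PKCS#12 password: ");
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(args[2])) { ks.load(in, pw); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        final X509KeyManager real = (X509KeyManager) kmf.getKeyManagers()[0];

        // Delegate to the real key manager, logging each certificate request it answers.
        X509KeyManager logging = new X509KeyManager() {
            public String chooseClientAlias(String[] types, Principal[] issuers, Socket s) {
                requested = true;
                String alias = real.chooseClientAlias(types, issuers, s);
                System.out.println("Client certificate requested, key types " + Arrays.toString(types));
                System.out.println("  CAs accepted by server: " + Arrays.toString(issuers));
                System.out.println("  alias selected: " + (alias == null ? "none (no certificate will be sent)" : alias));
                return alias;
            }
            public X509Certificate[] getCertificateChain(String alias) { return real.getCertificateChain(alias); }
            public PrivateKey getPrivateKey(String alias) { return real.getPrivateKey(alias); }
            public String[] getClientAliases(String t, Principal[] i) { return real.getClientAliases(t, i); }
            public String[] getServerAliases(String t, Principal[] i) { return real.getServerAliases(t, i); }
            public String chooseServerAlias(String t, Principal[] i, Socket s) { return real.chooseServerAlias(t, i, s); }
        };

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] { logging }, null, null); // null = default trust managers
        try (SSLSocket sock = (SSLSocket) ctx.getSocketFactory().createSocket(args[0], Integer.parseInt(args[1]))) {
            sock.startHandshake(); // throws SSLException when the handshake fails
            System.out.println("Handshake completed: " + sock.getSession().getCipherSuite());
        } finally {
            if (!requested) System.out.println("Server never asked for a client certificate");
        }
    }
}
```

With TLS 1.3 the server validates the client certificate after the client side of the handshake has finished, so a rejection can surface only on the first read from the socket.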