users@glassfish.java.net

ClientCert X.509 (extended) key usage evaluation for HTTPS authentication?

From: <glassfish_at_javadesktop.org>
Date: Mon, 25 Jan 2010 02:40:44 PST

Hi,

I wonder about configuring the GlassFish (V2.1) HTTPS connector to allow for the checking of specific X.509v3 (extended) key usage values in client certificates which are used for authenticating the client in HTTPS sessions having the HTTPS connector configured with client-auth-enabled="true".

The background for that question is that a user may have a number of certificates available for different purposes (e.g. all on a smartcard and properly signed by a CA configured as trusted in GlassFish's cacerts.jks certificate store) and only those with certain X.509v3 (extended) key usage settings shall be allowed for user authentication. Other certificates (even if issued by a trusted CA) shall be rejected for the HTTPS client authentication.

Thanks a lot for any recommendations / references.
[Message sent by forum member 'peter_w' (peter.windirsch_at_t-systems.com)]

http://forums.java.net/jive/thread.jspa?messageID=382735
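
The check described in the question, sketched as an application-level policy on an already trusted client certificate. This is an added example, not part of the original post and not a GlassFish connector setting. The class name `ClientAuthCertPolicy` and the policy itself (require `digitalSignature` key usage and the `clientAuth` extended key usage, reject when either extension is absent) are assumptions; in a servlet the certificate chain would come from the standard request attribute `javax.servlet.request.X509Certificate`.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.List;

// Hypothetical helper: decides whether a CA-trusted certificate may be used for login.
public class ClientAuthCertPolicy {
    // id-kp-clientAuth (RFC 5280); the required EKU is an assumed policy choice.
    static final String EKU_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2";
    // Index of digitalSignature in the array returned by getKeyUsage().
    static final int KU_DIGITAL_SIGNATURE = 0;

    /** Returns null if the certificate is acceptable, otherwise the rejection reason. */
    static String rejectReason(X509Certificate cert) {
        boolean[] ku = cert.getKeyUsage(); // null when the extension is absent
        if (ku == null || ku.length <= KU_DIGITAL_SIGNATURE || !ku[KU_DIGITAL_SIGNATURE]) {
            return "keyUsage missing or without digitalSignature";
        }
        List<String> eku;
        try {
            eku = cert.getExtendedKeyUsage(); // list of OID strings, null when absent
        } catch (CertificateParsingException e) {
            return "extendedKeyUsage cannot be parsed";
        }
        if (eku == null) {
            // Fail closed: a certificate without EKU is valid for any purpose per
            // RFC 5280, which is exactly what this policy wants to exclude.
            return "extendedKeyUsage extension absent";
        }
        if (!eku.contains(EKU_CLIENT_AUTH)) {
            return "extendedKeyUsage lacks clientAuth, found " + eku;
        }
        return null;
    }

    // Usage: java ClientAuthCertPolicy cert1.pem cert2.der ...
    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        for (String path : args) {
            try (InputStream in = new FileInputStream(path)) {
                X509Certificate cert = (X509Certificate) cf.generateCertificate(in);
                String reason = rejectReason(cert);
                System.out.println(path + ": " + (reason == null ? "ACCEPT" : "REJECT (" + reason + ")"));
            }
        }
    }
}
```

The check only inspects the extensions; chain validation against the trusted CAs still happens in the TLS handshake before it runs.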