Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[jetty-users] HTTPS with client certificate

Hi Max,

The host-header allowing the server to detect the name by which it has been accessed is passed at http level, tls happens first so the client has to accept the invalid certificate before the server can redirect it.

An approach would be to assign a different ip to the internal name "jetty" and do the redirect on that server. of course if clients access via https you need a signed certificate for "jetty", which may imply installing an internal ca to the clients so you can have a ca-signed cert for "jetty".


2010/8/11 Max Larsson <max.larsson@xxxxxxxxxxxxxxxx>

I've got a problem with embbeding jetty 7.1.6.

The Jetty is setup to server SSL secured HTTPConnection,
where the user has to authenticate himself, via his
certificate from a PKI card.

This works like a charm, my problem start with the fine
tuning. Lets assume that the server where jetty runs
has a DNS named like this:


If the user request this server via this URL


The browser fetches the server certificate, which
is issued for jetty.domain.tld and everything works
like it should.

But because the server should be running internally
many user will access the server with this URL:


And there comes now trouble some step, because the
browser request jetty and it doesn't match with the
server from the certificate, the browser issues a warning.

To avoid this i thought about something to tell jetty
to redirect request, which are directed the full DNS
name, to jetty.domain.tld.

I tried various solutions, which all failed, because
the SSLEngine is always instantiated before i can hook
in, and throws somewhere a SSLException with bad certificate.

The following i tried:

 * Overwrite the customize method of the SSLSellectChannleConnector

 * Place a custom Handler between the Server class and the ContextHandlerCollection.

And search to Google failed. And now i have no clue where to go further
any help is appreciate.

best regards

Max Larsson



Max Larsson
facilityboss GmbH
Rheinstrasse 75, 64295 Darmstadt / Germany
Handelsregister Darmstadt, HRB 86193
Geschäftsführer: Dipl.-Inform. Larsson

Fax:   +49 6151 869 278
Mobil: +49 179 2184428
Email: max.larsson@xxxxxxxxxxxxxxxx

jetty-users mailing list

Back to the top