[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [jetty-users] HTTPS with client certificate
|
Hi Retro,
An approach would be to assign a different ip to the internal name
"jetty" and do the redirect on that server. of course if clients access
via https you need a signed certificate for "jetty", which may imply
installing an internal ca to the clients so you can have a ca-signed
cert for "jetty".
Well, i think is found a solution. The server certificates can be issued
with alternatives host names. Maybe the solution is just to give jetty
name as alternative DNS name.
Thanks a lot for your point of view.
regards
Max
reto
2010/8/11 Max Larsson <max.larsson@xxxxxxxxxxxxxxxx
<mailto:max.larsson@xxxxxxxxxxxxxxxx>>
Hello,
I've got a problem with embbeding jetty 7.1.6.
The Jetty is setup to server SSL secured HTTPConnection,
where the user has to authenticate himself, via his
certificate from a PKI card.
This works like a charm, my problem start with the fine
tuning. Lets assume that the server where jetty runs
has a DNS named like this:
jetty.domain.tld
If the user request this server via this URL
https://jetty.domain.tld
The browser fetches the server certificate, which
is issued for jetty.domain.tld and everything works
like it should.
But because the server should be running internally
many user will access the server with this URL:
https://jetty
And there comes now trouble some step, because the
browser request jetty and it doesn't match with the
server from the certificate, the browser issues a warning.
To avoid this i thought about something to tell jetty
to redirect request, which are directed the full DNS
name, to jetty.domain.tld.
I tried various solutions, which all failed, because
the SSLEngine is always instantiated before i can hook
in, and throws somewhere a SSLException with bad certificate.
The following i tried:
* Overwrite the customize method of the SSLSellectChannleConnector
* Place a custom Handler between the Server class and the
ContextHandlerCollection.
And search to Google failed. And now i have no clue where to go further
any help is appreciate.
best regards
Max Larsson
--
_____________________________________________________________________
Max Larsson
facilityboss GmbH
Rheinstrasse 75, 64295 Darmstadt / Germany
Handelsregister Darmstadt, HRB 86193
Geschäftsführer: Dipl.-Inform. Larsson
Fax: +49 6151 869 278
Mobil: +49 179 2184428
Email: max.larsson@xxxxxxxxxxxxxxxx
<mailto:max.larsson@xxxxxxxxxxxxxxxx>
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx <mailto:jetty-users@xxxxxxxxxxx>
https://dev.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/jetty-users
--
_____________________________________________________________________
Max Larsson
facilityboss GmbH
Rheinstrasse 75, 64295 Darmstadt / Germany
Handelsregister Darmstadt, HRB 86193
Geschäftsführer: Dipl.-Inform. Larsson
Fax: +49 6151 869 278
Mobil: +49 179 2184428
Email: max.larsson@xxxxxxxxxxxxxxxx
begin:vcard
fn:Max Larsson
n:Larsson;Max
email;internet:max.larsson@xxxxxxxxxxxxxxxx
x-mozilla-html:FALSE
version:2.1
end:vcard