|Re: [jetty-users] HTTPS with client certificate|
An approach would be to assign a different ip to the internal name "jetty" and do the redirect on that server. of course if clients access via https you need a signed certificate for "jetty", which may imply installing an internal ca to the clients so you can have a ca-signed cert for "jetty".
Well, i think is found a solution. The server certificates can be issued with alternatives host names. Maybe the solution is just to give jetty name as alternative DNS name. Thanks a lot for your point of view. regards Max
reto 2010/8/11 Max Larsson <max.larsson@xxxxxxxxxxxxxxxx <mailto:max.larsson@xxxxxxxxxxxxxxxx>> Hello, I've got a problem with embbeding jetty 7.1.6. The Jetty is setup to server SSL secured HTTPConnection, where the user has to authenticate himself, via his certificate from a PKI card. This works like a charm, my problem start with the fine tuning. Lets assume that the server where jetty runs has a DNS named like this: jetty.domain.tld If the user request this server via this URL https://jetty.domain.tld The browser fetches the server certificate, which is issued for jetty.domain.tld and everything works like it should. But because the server should be running internally many user will access the server with this URL: https://jetty And there comes now trouble some step, because the browser request jetty and it doesn't match with the server from the certificate, the browser issues a warning. To avoid this i thought about something to tell jetty to redirect request, which are directed the full DNS name, to jetty.domain.tld. I tried various solutions, which all failed, because the SSLEngine is always instantiated before i can hook in, and throws somewhere a SSLException with bad certificate. The following i tried: * Overwrite the customize method of the SSLSellectChannleConnector * Place a custom Handler between the Server class and the ContextHandlerCollection. And search to Google failed. And now i have no clue where to go further any help is appreciate. best regards Max Larsson -- _____________________________________________________________________ Max Larsson facilityboss GmbH Rheinstrasse 75, 64295 Darmstadt / Germany Handelsregister Darmstadt, HRB 86193 Geschäftsführer: Dipl.-Inform. Larsson Fax: +49 6151 869 278 Mobil: +49 179 2184428 Email: max.larsson@xxxxxxxxxxxxxxxx <mailto:max.larsson@xxxxxxxxxxxxxxxx> _______________________________________________ jetty-users mailing list jetty-users@xxxxxxxxxxx <mailto:jetty-users@xxxxxxxxxxx> https://dev.eclipse.org/mailman/listinfo/jetty-users _______________________________________________ jetty-users mailing list jetty-users@xxxxxxxxxxx https://dev.eclipse.org/mailman/listinfo/jetty-users
-- _____________________________________________________________________ Max Larsson facilityboss GmbH Rheinstrasse 75, 64295 Darmstadt / Germany Handelsregister Darmstadt, HRB 86193 Geschäftsführer: Dipl.-Inform. Larsson Fax: +49 6151 869 278 Mobil: +49 179 2184428 Email: max.larsson@xxxxxxxxxxxxxxxx
begin:vcard fn:Max Larsson n:Larsson;Max email;internet:max.larsson@xxxxxxxxxxxxxxxx x-mozilla-html:FALSE version:2.1 end:vcard
Back to the top