Hi, I have configured my app to be secured by X.509
certificates, but can't get the "choose certificate prompt" to be shown
in the browser. This works out of the box in Tomcat.
In Tomcat the configuration looks like this:
<Connector port="8081" protocol="HTTP/1.1"
           SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="want" sslProtocol="TLS"
           keystoreFile="keystore"
           keystorePass="password" />
When going on the port I am prompted with an SSL renegotiation
(asking what certificate I want to use).
Configuring the same thing in Jetty
<New id="sslContextFactory"
     class="org.eclipse.jetty.util.ssl.SslContextFactory">
  <Set name="KeyStorePath">
    <Property name="jetty.keystore"
              default="keystore"/>
  </Set>
  <Set name="KeyStorePassword">
    <Property name="jetty.keystore.password"
              default="password"/>
  </Set>
  <Set name="NeedClientAuth">
    <Property name="jetty.ssl.needClientAuth"
              default="false"/>
  </Set>
  <Set name="WantClientAuth">
    <Property name="jetty.ssl.wantClientAuth"
              default="true"/>
  </Set>
  <Set name="EndpointIdentificationAlgorithm"/>
  <Set name="ExcludeCipherSuites">
    <Array type="String">
      <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
      <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
      <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
      <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
      <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
      <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
      <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
    </Array>
  </Set>
  <New id="sslHttpConfig"
       class="org.eclipse.jetty.server.HttpConfiguration">
    <Arg>
      <Ref refid="httpConfig"/>
    </Arg>
    <Call name="addCustomizer">
      <Arg>
        <New class="org.eclipse.jetty.server.SecureRequestCustomizer"/>
      </Arg>
    </Call>
  </New>
</New>
Gives me a 403.
Please help me, Obi-Wan Kenobi, or else I'll have to use the
Tomcat solution.
Regards, Espen