How to disable SSL client certificates?

[Lucas]

Hi

How do I configure the Jetty server to *not* ask for client certificates?

I can see when connection to my server that the server send this:

(Using openssl s_client -connect gocd.mycompany.com:8154)

---

Acceptable client certificate CA names

/OU=Cruise intermediate certificate/emailAddress=sup...@thoughtworks.com

Client Certificate Types: RSA sign, DSA sign, ECDSA sign

Requested Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:ECDSA+SHA224:RSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1

Shared Requested Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:ECDSA+SHA224:RSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1

Peer signing digest: SHA512

Server Temp Key: DH, 1024 bits

---

So every time I connect to the the web app on the Go:CD server with my browser (Safari) I get prompted to select a client certificate. And also every time the web pages reloaded itself which is quite often.

Thanks

Lucas

[Ketan Padegaonkar]

This is a known issue with Safari.

Unfortunately, we can't disable client certs because that's what agents use for authentication and authorization. You may use a different browser, or put an HTTP reverse proxy (nginx/apache) in front of the server to not see this warning.

--
You received this message because you are subscribed to the Google Groups "go-cd" group.
To unsubscribe from this group and stop receiving emails from it, send an email to go-cd+un...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.