Asking for client certificates when connecting to HTTP server from browser

804 views
Skip to first unread message

Ian Andrews

unread,
Jan 4, 2017, 12:11:23 PM1/4/17
to vert.x

Hello,

I have an app where I'd like to perform authentication using client certificates.  From looking at the different settings in HttpServerOptions, I'd assume that all I need to do is something like this:

HttpServerOptions options = new HttpServerOptions()
      .setHost("0.0.0.0")
      .setPort(443)
      .setSsl(true)
      .setClientAuth(ClientAuth.REQUIRED)
      .setPfxKeyCertOptions(new PfxOptions()
            .setPath("/home/person/certs/server.p12")
            .setPassword("password"));


However, when I attempt to connect to my app using either Chrome or Firefox, I get an error stating that the "connection was interrupted while the page was loading" or "could not get any response".  If I use ClientAuth.REQUEST in the above code snippet, the page loads, but the browser doesn't ask which certificate to send, and if I attempt to get at the client certs by calling context.request().peerCertificateChain() I get a SSLPeerUnverifiedException with an error message saying that the client is not authenticated.

What else do I need to do to cause the browser to prompt me to send a client certificate?  Would a reproducer be helpful?

Thanks,

Ian

Thomas SEGISMONT

unread,
Jan 9, 2017, 5:11:04 AM1/9/17
to ve...@googlegroups.com
I believe you should use setPfxTrustOptions , see http://vertx.io/docs/vertx-core/java/#_specifying_trust_for_the_server

--
You received this message because you are subscribed to the Google Groups "vert.x" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vertx+unsubscribe@googlegroups.com.
Visit this group at https://groups.google.com/group/vertx.
To view this discussion on the web, visit https://groups.google.com/d/msgid/vertx/daaf227c-5c80-483d-a252-a89719e1a36b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Ian Andrews

unread,
Jan 10, 2017, 9:20:42 AM1/10/17
to vert.x
Hi Thomas,

I tried setting the PfxTrustOptions in addition to the PfxKeyCertOptions and my browsers still do not ask for my client cert.  Is there something else I could be missing?

Thanks,

Ian

ANKUR LUTHRA

unread,
Sep 26, 2019, 8:26:57 AM9/26/19
to vert.x
I am stuck with the same problem. Is it resolved. If yes, can you provide some pointers
Reply all
Reply to author
Forward
0 new messages