WildFly 2 way SSL/TLS from smart card


Yashendra Chandrakar

Oct 26, 2021, 5:21:29 PM
to WildFly
I have enabled 2 way SSL/TLS (client certificate authentication) for my application and want the browser to read the client certificate from the connected smart card, but it never shows the "Select a certificate" dialog. I can access the application only by importing the client certificate into the browser.

I have enabled 2 way SSL/TLS through the Elytron subsystem following this guide:
https://docs.jboss.org/author/display/WFLY/Using%20the%20Elytron%20Subsystem.html#110231569_UsingtheElytronSubsystem-EnableTwowaySSL%2FTLSinWildFlyforApplications

If I don't have the client certificate imported into the browser, it immediately shows the following error instead of the "Select a certificate" dialog that would let me select the certificate from the smart card:

This site can’t provide a secure connection

localhost didn’t accept your login certificate, or one may not have been provided.

  • Try contacting the system admin.
ERR_BAD_SSL_CLIENT_AUTH_CERT

I can see that if I enable 2 way SSL/TLS in a Tomcat server, all my browsers always show the "Select a certificate" dialog and let me select the certificate from the smart card.

I am wondering how I can force my browser to show "Select a certificate" and read the client certificate from the smart card for WildFly?

Emmanuel Hugonnet

Oct 27, 2021, 8:33:01 AM
to wil...@googlegroups.com
You need to add your smartcard to the list of certificate stores of your browser: in Firefox there is a way to add a PKCS#11 store.
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/PKCS11/Module_Installation

As to selecting your certificate, it seems that if no previous SSL session exists, Firefox should prompt you.

Emmanuel
On 26/10/2021 at 23:09, Yashendra Chandrakar wrote:
> I have enabled 2 way SSL/TLS (client certificate authentication) for my application and want browser to read client certificate from
> connected smart card  but it never shows "Select a certificate" dialog. I can access the application only by importing the client
> certificate to browser.
>
> I have enabled 2 way SSL/TLS  through Elytron subsystem following this guide:
> https://docs.jboss.org/author/display/WFLY/Using%20the%20Elytron%20Subsystem.html#110231569_UsingtheElytronSubsystem-EnableTwowaySSL%2FTLSinWildFlyforApplications
>
> If I don't have the client certificate imported into the browser, it immediately shows the following error instead of the "Select a certificate"
> dialog to let me select the certificate from smart card:
>
> This site can’t provide a secure connection
>
> *localhost* didn’t accept your login certificate, or one may not have been provided.
>
> * Try contacting the system admin.
>
> ERR_BAD_SSL_CLIENT_AUTH_CERT
>
> I can see that if I enable 2 way SSL/TLS in a Tomcat server, all my browsers always show the "Select a certificate" dialog and let me select the
> certificate from the smart card.
>
> I am wondering how can I force my browser to show "select a certificate" and read client certificate from smart card for WildFly?
>
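Two checks that follow from Emmanuel's advice, written here as an added example and not taken from the thread or from the WildFly project: register the card's PKCS#11 module in the browser's NSS database (a Firefox profile directory, or ~/.pki/nssdb for Chrome on Linux), and look at which CA names the WildFly listener actually sends in its TLS CertificateRequest. A browser only offers client certificates whose issuer chain matches one of those names; if the list is empty or does not cover the smart card's issuing CA, Chrome sends no certificate and the handshake fails with exactly the ERR_BAD_SSL_CLIENT_AUTH_CERT shown above. Comparing this output between the WildFly and Tomcat ports shows whether the two servers really present the same trust configuration. The host, port, database path and middleware library path are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): diagnose the "Select a certificate" dialog
# not appearing against a WildFly two-way TLS listener, and register a smart card's
# PKCS#11 module in an NSS database. Host/port, db path and .so path are assumed.
set -u

# Extract the "Acceptable client certificate CA names" block that openssl s_client
# prints from the server's CertificateRequest. Reads s_client output on stdin and
# prints one DN per line, or "(none)" when the server sent no CA names at all.
acceptable_cas() {
  awk '
    /^Acceptable client certificate CA names/ { inblock = 1; next }
    /^No client certificate CA names sent/   { print "(none)"; exit }
    inblock && /^(Client Certificate Types|Requested Signature Algorithms|---)/ { exit }
    inblock { print }
  '
}

# Probe a live listener (assumed host:port, e.g. the WildFly https port and the
# Tomcat one) and show the CA names it advertises to the browser.
probe_server() {
  local host_port="${1:-localhost:8443}"
  openssl s_client -connect "$host_port" -servername "${host_port%%:*}" \
    </dev/null 2>/dev/null | acceptable_cas
}

# Register a PKCS#11 module in an NSS database so the browser can see the card:
#   db:   Firefox profile dir (~/.mozilla/firefox/<profile>) or ~/.pki/nssdb (Chrome, Linux)
#   lib:  the card middleware, e.g. /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so (assumed)
# Afterwards it lists the certificates the token exposes; their issuer DN must
# match one of the names printed by probe_server or no dialog will appear.
add_pkcs11_module() {
  local db="$1" lib="$2" name="${3:-SmartCard}"
  modutil -dbdir "sql:$db" -add "$name" -libfile "$lib" -force
  certutil -d "sql:$db" -L -h "$name"
}

# Usage:  ./tls-card-check.sh probe localhost:8443
#         ./tls-card-check.sh add ~/.pki/nssdb /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so OpenSC
case "${1:-}" in
  probe) probe_server "${2:-localhost:8443}" ;;
  add)   add_pkcs11_module "$2" "$3" "${4:-SmartCard}" ;;
esac
```

Run the probe against both servers with the same client CA configured: if Tomcat prints the CA's DN and WildFly prints "(none)" or a different DN, the browser is behaving correctly and the fix belongs in the Elytron trust-manager / server-ssl-context configuration, not in the browser.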

Yashendra Chandrakar

Nov 4, 2021, 11:30:39 AM
to WildFly
Appreciate your response, Emmanuel. Looks like something else is in play here.
If I enable 2 way SSL in the Tomcat web server using the same certificate from WildFly, all my browsers, including Firefox, Chrome and IE, show "Select a certificate", but none of these browsers show the "Select a certificate" dialog when I enable 2 way SSL in WildFly. In the case of WildFly I can access the 2 way SSL enabled page only if I have the certificate installed in the browser.
