如何在 GlassFish 中启用可选客户端证书请求？

发布于 2024-10-12 12:18:54 字数 1001 浏览 2 评论 0原文

In domain.xml, please add the following property to http-listener element
<property name="com.sun.grizzly.ssl.auth" value="want"/>

但是，在添加此内容时对于我的 GlassFish v3 domain.xml，不请求现有的浏览器客户端证书。 GlassFish 服务器已正确设置，即需要客户端证书并将“client-auth-enabled”选项设置为 true。

GlassFish bugtracker (1) 提到了一个不同的版本：

 * client-auth: want/need/<blank>

但是，这个属性也没有被接受。

其他人也有同样的问题（2）。

如何在 GlassFish 中启用可选客户端证书请求？还有其他选择吗？

(1) http://java.net/jira/browse/GLASSFISH-6935
(2) https://stackoverflow.com/questions/3634129/configure -glassfish-v3-client-auth-requested-to-want

原文

The Blog site (Client-Auth REQUESTED in GlassFish) reads:

In domain.xml, please add the following property to http-listener element
<property name="com.sun.grizzly.ssl.auth" value="want"/>

However, when adding this to my GlassFish v3 domain.xml, the existing browser client certificate is not requested. The GlassFish server is properly set up, i.e., requires client certificates with the option "client-auth-enabled" set to true.

The GlassFish bugtracker (1) mentions a different version:

 * client-auth: want/need/<blank>

However, this property doesn't get accepted either.

Others have the same problem (2).

How can I enable an optional client certificate request in GlassFish? Are there alternatives?

(1) http://java.net/jira/browse/GLASSFISH-6935
(2) https://stackoverflow.com/questions/3634129/configure-glassfish-v3-client-auth-requested-to-want

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

随梦而飞# 2024-10-19 12:18:54

可能是因为它不存在。

*当您处理 HTTPS 中的客户端证书时，请记住您的 HTTPS 侦听器配置。 SSLv3/TLS 协议允许 HTTPS 套接字的三种模式。

* The traditional mode requires a single server certificate. An HTTPS client (typically a web browser) validates the server identity by matching the certificate to a list, or truststore, of Certificate Authorities. You probably use this mode every day during typical log-in activity.

* Another mode requires both client and server certificates. The client certificate is validated by the server side, and the server certificate is validated by the client side.

* The third mode requires a server certificate, but the client certificate is optional.

*在现实世界中，无论用户是通过密码还是证书进行身份验证，您都希望使用相同的 HTTPS URL。此方法需要支持第三种可选客户端证书模式的服务器。在撰写本文时，GlassFish 应用程序服务器不支持此模式。幸运的是，OpenSSO 支持的 Apache Tomcat Web 服务器可以作为替代方案。供参考

Probably because it doesn't exist.

*When you deal with client certificates in HTTPS, keep in mind your HTTPS listener configurations. The SSLv3/TLS protocol allows three modes for an HTTPS socket.

* The traditional mode requires a single server certificate. An HTTPS client (typically a web browser) validates the server identity by matching the certificate to a list, or truststore, of Certificate Authorities. You probably use this mode every day during typical log-in activity.

* Another mode requires both client and server certificates. The client certificate is validated by the server side, and the server certificate is validated by the client side.

* The third mode requires a server certificate, but the client certificate is optional.

*In the real world, you want to use the same HTTPS URL whether a user is authenticated by password or certificate. This approach requires a server that supports the third, optional client certificate mode. At this writing, the GlassFish application server does not support this mode. Fortunately, the Apache Tomcat web server, supported by OpenSSO, is available as an alternative. For Reference

回复收藏 0 原文

~没有更多了~