incubator-clerezza-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Henry Story (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLEREZZA-512) SSL Client Authentication
Date Mon, 09 May 2011 11:22:03 GMT

    [ https://issues.apache.org/jira/browse/CLEREZZA-512?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13030689#comment-13030689
] 

Henry Story commented on CLEREZZA-512:
--------------------------------------

I start it with 

java -Xmx512m -XX:MaxPermSize=248M  -Dfile.encoding=utf-8 -jar ../target/platform.launcher.tdb-0.5-incubating-SNAPSHOT.jar
--https_keystore_clientauth want  --https_port 8443 --https_keystore_path /Users/hjs/tmp/cert/KEYSTORE.jks
--https_keystore_password secret

you need the keystore_path if you have a certificate+private key from a Certificate Authority
to avoid the ugly error messages appearing.

> SSL Client Authentication
> -------------------------
>
>                 Key: CLEREZZA-512
>                 URL: https://issues.apache.org/jira/browse/CLEREZZA-512
>             Project: Clerezza
>          Issue Type: Question
>            Reporter: franco fallica
>            Priority: Minor
>
> Hi,          
> We have the need for SSL Client Authentication and I'm not sure how we would do that.
> So this is the scenario: 
> We have a Jax.rs resource http://domain.com/something/store
> This resource should only be accessible per https and only by "known users" and they
should be autenticated by a SSL Certificate. Other resources should still be accessible over
http with normal user login etc. 
> I understand that for this Clerezza needs to be started with the --https_port and --https_keystore_password
parameters. Additionaly I guess it needs --https_keystore_clientauth need (not want), right?
> And then we need to import the publicKey of the client to the keystore, but how will
this publicKey be mapped to a user in clerezza? 
> I also saw that in the repo is a foafssl bundle, is that what we need?
> Can somebody please explain and/or point us to additional resources to read? 
> Thanks very much
> franco

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message