[
https://issues.apache.org/jira/browse/CLEREZZA-512?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13030689#comment-13030689
]
Henry Story commented on CLEREZZA-512:
--------------------------------------
I start it with
java -Xmx512m -XX:MaxPermSize=248M -Dfile.encoding=utf-8 -jar
../target/platform.launcher.tdb-0.5-incubating-SNAPSHOT.jar
--https_keystore_clientauth want --https_port 8443 --https_keystore_path
/Users/hjs/tmp/cert/KEYSTORE.jks --https_keystore_password secret
you need the keystore_path if you have a certificate+private key from a
Certificate Authority to avoid the ugly error messages appearing.
> SSL Client Authentication
> -------------------------
>
> Key: CLEREZZA-512
> URL: https://issues.apache.org/jira/browse/CLEREZZA-512
> Project: Clerezza
> Issue Type: Question
> Reporter: franco fallica
> Priority: Minor
>
> Hi,
> We have the need for SSL Client Authentication and I'm not sure how we would
> do that.
> So this is the scenario:
> We have a Jax.rs resource http://domain.com/something/store
> This resource should only be accessible per https and only by "known users"
> and they should be autenticated by a SSL Certificate. Other resources should
> still be accessible over http with normal user login etc.
> I understand that for this Clerezza needs to be started with the --https_port
> and --https_keystore_password parameters. Additionaly I guess it needs
> --https_keystore_clientauth need (not want), right?
> And then we need to import the publicKey of the client to the keystore, but
> how will this publicKey be mapped to a user in clerezza?
> I also saw that in the repo is a foafssl bundle, is that what we need?
> Can somebody please explain and/or point us to additional resources to read?
> Thanks very much
> franco
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
