I'm trying to configure client authentication for my application running on JBoss. Expected result is that application requests user for certificate and if trusted one is provided, he will be able to work with application.
I've generated certificate and added one into trustore (JBoss.keystore) and also configured standalone.xml file as follow:
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enable-lookups="false" secure="true">
<ssl name="ssl" key-alias="ssl alias" password="password" certificate-key-file="..\standalone\configuration\JBoss.keystore" protocol="TLSv1.2" verify-client="true"/>
<virtual-server name="my-host" />
</connector>
I thought that setting secure property true will do the trick, but browser does not ask for user certificate, but immediately returns error ERR_BAD_SSL_CLIENT_AUTH_CERT. Browser is configured to ask for certificate each time, if required.
How to change server configuration into expected behavior?
I have found an answer. The solution was to import CA certificate that signed client certificate into truststore, instead of importing client certificate itself. After importing CA certificate, each certificate that was signed by CA and imported into browser is displayed to be chosen from.