THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
- #Create keystore and certificate
- #Create a Certificate Signing Request (CSR) and import CA reply
- #Import trusted certificates
- #Add an HTTPS listener with client authentication
- #Adding a properties file security realmCertificate Properties File Realm
- #Install certificate on client
...
Once you saved this HTTPS network listener configuration it will get started automatically as you can see in the status displayed. If you try to access this port with your browser it should fail because at this point you have not configured your client with a valid certificate.
Adding a
...
Certificate Properties File Realm
After you configured the HTTPS listener with client authentication, you can add a certificate properties file security realm Certificate Properties File Realm to authenticate web applications.
To create a new security realm, click Add new security realm from the Security Realms portlet. Enter the name of security realm and select Certificate Properties File Realm from the Realm type: dropdown menu. Click Next and follow the instructions.
Create the properties file security realm with the steps described in **. The properties files should be based on the client certificate intended to be used for client authentication. For example, a security realm Certificate Properties File Realm CertificatePropsRealm with the user and group properties files based on My_Private_key created above is as follows:
...
Configure the deployment descriptor and deployment plan of your web application to use the properties file security realm Certificate Properties File Realm for client authentication. For example, applications which use the CertificatePropsRealm security realm must configure their deployment descriptor as follows:
...
<auth-method>CLIENT-CERT</auth-method>: suggests that the auth-method is set toCLIENT-CERTand thus, the certificate properties file realm Certificate Properties File Realm is used for client authentication.
...
<security-realm-name>CertificatePropsRealm</security-realm-name>:CertificatePropsRealmis the properties file security realm Certificate Properties File Realm used for client authentication.
...
To use a client certificate to authenticate against web server, you should first install the CA certificate and the client certificate into your web browser. Most browsers provide such installation function.
Install the CA certificate to designate this CA as trusted and thus, grant access to any web sites certified by this CA. If not installed, accessing web sites certified by this CA leads to a warning message suggesting the "Web Site Certified by an Unknown Authority".
In Most browsers provide such installation function. When using Mozilla Firefox, certificates can be installed with the Import option in the Certificate Manager.