I'm trying to force certificate authentication for a web user by doing the following:
- Create a self-signed certificate
- Import the certificate into Tools > SSL Certificate Manager > Default Trusted Certificates
- Change setting in Security > Web Users > $USER > Authentication > HTTPS/AS2
---- Select Certificate
---- Copy and paste the SHA1 Fingerprint from the SSL Certificate Manager
- Export Private Key and Certificates from the SSL Certificate Manager
- Load the exported certificate into the browser
- Browse to the https://mygaserver/webclient
At this point I was expecting to be logged in but instead I got a prompt for login and password.
I tried with:
Chrome 12.0.742.112 on Suse Linux 11
curl 7.19.0 (x86_64-suse-linux-gnu) libcurl/7.19.0 OpenSSL/0.9.8h zlib/1.2.3 libidn/1.10
Firefox 8 on RHEL 6.1
Java REST client (client certificate loaded in the local keystore)
but I never managed to bypass the login form.
I don't know if this makes any difference, but the SSL certificate used in the server has a different CN than the server itself. Consequently I get a warning from the browser but nothing more.
Any help would be appreciated.
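
One check for the fingerprint step above, added here as an example and not part of the original post: it computes the SHA-1 fingerprint of every certificate in an exported bundle and reports which one, if any, equals the value pasted into the user's settings. It assumes the export is a PEM file; the function names are hypothetical and the sample bundle is constructed from placeholder bytes, not real certificates.

```python
import base64
import hashlib
import re
import textwrap

CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def normalize(fingerprint):
    """Strip colons/whitespace and lowercase; reject anything not SHA-1 length."""
    fp = re.sub(r"[\s:]", "", fingerprint).lower()
    if not re.fullmatch(r"[0-9a-f]{40}", fp):
        raise ValueError("not a SHA-1 fingerprint (expected 40 hex digits)")
    return fp

def cert_fingerprints(pem_text):
    """SHA-1 over the DER bytes of every CERTIFICATE block, in file order."""
    return [hashlib.sha1(base64.b64decode("".join(body.split()))).hexdigest()
            for body in CERT_RE.findall(pem_text)]

def matching_index(pem_text, configured):
    """Index of the certificate whose fingerprint equals the configured one, or -1."""
    fps = cert_fingerprints(pem_text)
    want = normalize(configured)
    return fps.index(want) if want in fps else -1

def pem_block(label, der):
    """Wrap raw bytes in PEM armor (used only to build the constructed sample)."""
    b64 = base64.b64encode(der).decode()
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (
        label, "\n".join(textwrap.wrap(b64, 64)), label)

# Constructed sample: placeholder bytes stand in for real DER certificates.
LEAF_DER = b"constructed leaf certificate bytes " * 4
ISSUER_DER = b"constructed issuer certificate bytes " * 4
SAMPLE_BUNDLE = (pem_block("PRIVATE KEY", b"constructed placeholder, not a key")
                 + pem_block("CERTIFICATE", ISSUER_DER)
                 + pem_block("CERTIFICATE", LEAF_DER))

if __name__ == "__main__":
    # Fingerprint as it might be pasted: upper case, colon separated.
    leaf = hashlib.sha1(LEAF_DER).hexdigest().upper()
    pasted = ":".join(leaf[i:i + 2] for i in range(0, 40, 2))
    print("configured:", pasted)
    print("matches certificate #", matching_index(SAMPLE_BUNDLE, pasted))
```

A result of -1 means none of the certificates in the bundle has the configured fingerprint; a `ValueError` means the pasted value is not 40 hex digits, for example a SHA-256 fingerprint.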