I have a web application deployed on Tomcat 7 running on OpenShift. I managed to enable HTTP-to-HTTPS redirection on the server (instruction).
I don't have a valid certificate, so I have to use the original URL https://foo-bar.rhcloud.com (no custom URL).
Now I'd like to enable x509 authentication in my application. I know how to do it on Tomcat on my local machine. But the HTTPS connector for my application on OpenShift is commented out.
I tried to add <login-config> to the web.xml, but it didn't work (it didn't ask me for a client certificate). Here's the web.xml config:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>HTTPSOnly</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <auth-method>CLIENT-CERT</auth-method>
</login-config>
Questions:
1. How can I enable x509 authentication?
2. Since I don't have a valid client certificate, how can I specify the trusted keystore for Tomcat?
Thanks in advance.
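Added example, not part of the original post: a Python check of what the descriptor above asks the container to do. Under the Servlet specification a security-constraint with no auth-constraint requires no authentication, so the login-config is not invoked for it; the function names, the wrapping `<web-app>` element and the sample input are constructed for this illustration.

```python
import xml.etree.ElementTree as ET

# Constructed input: the fragment from the post wrapped in a <web-app> root.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HTTPSOnly</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>CLIENT-CERT</auth-method>
  </login-config>
</web-app>"""


def local(tag):
    """Strip an XML namespace so namespaced web.xml files match as well."""
    return tag.rsplit("}", 1)[-1]


def texts(parent, name):
    """Collect the trimmed text of every descendant element called `name`."""
    return [(e.text or "").strip() for e in parent.iter() if local(e.tag) == name]


def audit_client_cert(web_xml):
    """Report, per security-constraint, whether authentication is demanded."""
    root = ET.fromstring(web_xml)
    constraints = []
    for sc in (e for e in root.iter() if local(e.tag) == "security-constraint"):
        constraints.append({
            "url_patterns": texts(sc, "url-pattern"),
            "transport": (texts(sc, "transport-guarantee") or ["NONE"])[0],
            # Only an <auth-constraint> makes the container authenticate.
            "auth_constraint": any(local(c.tag) == "auth-constraint" for c in sc),
        })
    client_cert = "CLIENT-CERT" in texts(root, "auth-method")
    return {
        "client_cert": client_cert,
        "constraints": constraints,
        # CLIENT-CERT is only exercised if some constraint demands a role.
        "auth_triggered": client_cert and any(c["auth_constraint"] for c in constraints),
    }


if __name__ == "__main__":
    print(audit_client_cert(WEB_XML))
```

The check covers the deployment descriptor only; whether a TLS endpoint in front of Tomcat requests and forwards a client certificate is a separate matter it does not inspect.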