0 Replies Latest reply: Dec 22, 2009 11:21 AM by David Castro RSS

SSL: How to redirect from HTTPS to HTTP if Client Certificate is not existent?

David Castro Newbie

 

 

Hi,

 

My application requires client certification. Confiruring SSL is not a problem and everything works more than well, my real focus right now is on improving user experience. After following the configuration presented in "how to SSL" you end up with a jboss server that will throw errors to the client whenever he doesn´t have a certificate to identify himself.

 

Firefox will show:

SSL peer cannot verify your certificate.
(Error code: ssl_error_bad_cert_alert)

 

 

Internet Explorer 8 will show:

Internet Explorer cannot display the webpage

 

When the client has a certificate installed in his browser of course I don´t see those errors.

 

SO... The behaviour is correct BUT I would like to be able to redirect my users to a webpage where they can follow instructions to retrieve their certificate... I use right now EJBCA but any CA provides this important page "Get your cert", those usually are found under HTTP so they can be reached by any user that doesn´t have his cert.

 

Right now no matter how much I research nobody seems to propose similar situations.

 

So I think I could summarize my question in how to redirect users from HTTPS to HTTP if the SSL handshake fails.

 

Salu2 and thanks upfront.