0 Replies Latest reply: Dec 22, 2009 11:21 AM by David Castro

    SSL: How to redirect from HTTPS to HTTP if Client Certificate is not existent?

    David Castro Newbie





      My application requires client certification. Configuring SSL is not a problem and everything works more than well; my real focus right now is on improving user experience. After following the configuration presented in "how to SSL" you end up with a JBoss server that will throw errors to the client whenever he doesn't have a certificate to identify himself.


      Firefox will show:

      SSL peer cannot verify your certificate.
      (Error code: ssl_error_bad_cert_alert)



      Internet Explorer 8 will show:

      Internet Explorer cannot display the webpage


      When the client has a certificate installed in his browser, of course I don't see those errors.


      SO... The behaviour is correct BUT I would like to be able to redirect my users to a webpage where they can follow instructions to retrieve their certificate... I use EJBCA right now, but any CA provides this important "Get your cert" page; those are usually found under HTTP so they can be reached by any user who doesn't have his cert.


      Right now, no matter how much I research, nobody seems to propose similar situations.


      So I think I could summarize my question as: how to redirect users from HTTPS to HTTP if the SSL handshake fails.


      Salu2 and thanks upfront.