My application requires client certification. Configuring SSL is not a problem and everything works more than well; my real focus right now is on improving user experience. After following the configuration presented in "how to SSL" you end up with a JBoss server that will throw errors to the client whenever he doesn't have a certificate to identify himself.
Firefox will show:
SSL peer cannot verify your certificate.
(Error code: ssl_error_bad_cert_alert)
Internet Explorer 8 will show:
Internet Explorer cannot display the webpage
When the client has a certificate installed in his browser, of course I don't see those errors.
SO... The behaviour is correct BUT I would like to be able to redirect my users to a webpage where they can follow instructions to retrieve their certificate... Right now I use EJBCA, but any CA provides this important page "Get your cert"; those are usually found under HTTP so they can be reached by any user that doesn't have his cert.
Right now, no matter how much I research, nobody seems to propose similar situations.
So I think I could summarize my question as how to redirect users from HTTPS to HTTP if the SSL handshake fails.