- JBoss Operations Network (ON) 3.1
- Apache Web Server using
mod_proxyin front of JBoss ON user-interface (UI)
- 'mod_proxy' address is using TLS/SSL encryption with client authentication disabled
We see the following warning repeatedly in the Apache error log when a client connects:
[warn] Proxy client certificate callback: (jon-proxy.myhost.com:443) downstream server wanted client certificate but none are configured
Connection problems with server
- Some clients fail to get the login prompt from the server
- Login page just clocks in the browser
- Server is requesting a client certificate
- Is there a way to disable the use of client certificates on the server side?
If client authentication is not in use, set the
rhq.server.tomcat.security.client-auth-mode property in
false and restart the JBoss ON server.
By default, the JBoss ON server configuration sets Tomcat's
clientAuth property for its SSL connector to
want. This will prompt the client for a certificate and use the certificate if the client provides one. If mod_proxy is not configured to provide a client certificate, it logs a warning to identify that a request was made but no client certificate was available.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.