GF4 Mutual authentication
I use GlassFish 4 and Netbeans 7.4.
I imported an SSL certificate into the keystores file - it works (from this tutorial: http://javadude.wordpress.com/2010/04/06/getting-started-with-glassfish-...).
Next, I tried to implement certificate authorization (certificate created by keytool) and it works too (from this: http://mohitag80.blogspot.com/2012/02/enabling-certificate-based.html), but the "certificate realm" does not, because the user can go to places where he shouldn't have access. That isn't the main problem right now, though.
When I tried to do this (cert auth) with an original certificate (from a true CA), it didn't work: my browser couldn't open the site. I added the certificate (.cer) to the cacert.jks file and in the GlassFish admin panel I set "Client Authentication" to enabled, but the situation didn't change. I downloaded the certificate (rootca.crt), and when I imported it into cacert.jks, my certificate (.cer) passed authorization. Unfortunately, after this I discovered that everybody with a different certificate (.cer) but from (only) this CA may have authorization to protected resources even though their certificates (.cer) aren't in cacerts.jks. When I deleted my certificate (.cer) from the cacerts file I could still log in to protected resources. When I deleted rootca (.crt) from cacert I lost my access using this certificate.
I want to log in to resources using my certificate, but other certificates (e.g. those which aren't in the cacerts file) have to be blocked. Is it possible? If yes, where am I making a mistake?
I have selected in GF admin: SSL, TLS, Client Authentication.
I have defined Certificate NickName (it works) and set Max Certificate Length to 5. Other options in configurations->server-config->HTTP-Services-->HTTP-Listeners>http-listener-2 are at their defaults.
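
A trust store entry for a root CA acts as a trust anchor, so the TLS handshake accepts any client certificate that chains to it; admitting only specific certificates needs a second check in the application. The servlet filter below is an added example, not part of the original post: it allowlists client certificates by SHA-256 fingerprint, and the class name, URL pattern and fingerprint placeholder are assumptions.

```java
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter: the URL pattern and the allowlist entry are assumptions.
@WebFilter("/protected/*")
public class ClientCertAllowlistFilter implements Filter {

    // SHA-256 fingerprints (lowercase hex of the DER encoding) of the exact
    // client certificates to admit. Placeholder value, replace with your own.
    private static final Set<String> ALLOWED = Collections.unmodifiableSet(
            new HashSet<>(Arrays.asList("<sha256-fingerprint-of-my-client-certificate>")));

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Populated by the container after the handshake validated the chain
        // against the trust store; element 0 is the client's own certificate.
        X509Certificate[] certs =
                (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");
        if (certs == null || certs.length == 0 || !ALLOWED.contains(fingerprint(certs[0]))) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
            return; // chain is valid but this certificate is not on the allowlist
        }
        chain.doFilter(req, res);
    }

    static String fingerprint(X509Certificate cert) throws ServletException {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            StringBuilder hex = new StringBuilder();
            for (byte b : digest) hex.append(String.format("%02x", b));
            return hex.toString();
        } catch (NoSuchAlgorithmException | CertificateEncodingException e) {
            throw new ServletException("cannot fingerprint client certificate", e);
        }
    }
}
```

The fingerprint to place in the allowlist can be read from the `SHA256:` line that `keytool -printcert -file <certificate>.cer` prints, with the colons removed and the letters lowercased.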