SSL Mutual authentication

Hi there,

I am trying to do a mutual authentication …
My current problem is that it is not working using the domain … looks like Cloudflare is not forwarding my certs.

Basically, if I go direct to the IP it works fine:

$ curl -k -E clientkey.pem https://18.228.142.39:8443/logged_info (this works fine)

$ curl -k -E clientkey.pem https://xxx.mysite.com:8443/logged_info (I got 525: SSL handshake failed)

I have enabled the ssl debugger and the certificates never reach the service.

Some SSL log output when I invoke the domain:
upcoming handshake states: server finished[20]
*** Certificate chain


https-jsse-nio-8443-exec-2, fatal error: 42: null cert chain
javax.net.ssl.SSLHandshakeException: null cert chain
%% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
https-jsse-nio-8443-exec-2, SEND TLSv1.2 ALERT: fatal, description = bad_certificate
https-jsse-nio-8443-exec-2, WRITE: TLSv1.2 Alert, length = 2
https-jsse-nio-8443-exec-2, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: null cert chain
https-jsse-nio-8443-exec-2, called closeOutbound()
https-jsse-nio-8443-exec-2, closeOutboundInternal()

Is there maybe something missing that I need to enable?
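An added example, not part of the original post: a small Python triage of JSSE debug output like the log above, which separates "the TLS peer presented no client certificate" (JSSE's `null cert chain`, raised when client auth is required and the received chain is empty) from other handshake failures. The function name `triage` and the `exec-5` lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the exec-2 lines repeat the log quoted in the post above;
# the exec-5 lines are invented to show a failure that is NOT a missing client cert.
SAMPLE_LOG = """\
https-jsse-nio-8443-exec-2, fatal error: 42: null cert chain
javax.net.ssl.SSLHandshakeException: null cert chain
%% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
https-jsse-nio-8443-exec-2, SEND TLSv1.2 ALERT: fatal, description = bad_certificate
https-jsse-nio-8443-exec-2, WRITE: TLSv1.2 Alert, length = 2
https-jsse-nio-8443-exec-5, fatal error: 40: no cipher suites in common
https-jsse-nio-8443-exec-5, SEND TLSv1.2 ALERT: fatal, description = handshake_failure
"""

FATAL = re.compile(r"^(?P<thread>[^,]+), fatal error: (?P<code>\d+): (?P<reason>.+)$")
ALERT = re.compile(
    r"^(?P<thread>[^,]+), SEND (?P<proto>\S+) ALERT:\s+fatal, description = (?P<desc>\w+)$"
)
INVALIDATED = re.compile(r"^%% Invalidated:\s+\[(?P<session>[^,]+), (?P<suite>\w+)\]$")


def triage(log_text):
    """Return one finding per worker thread that logged a fatal handshake error."""
    findings = defaultdict(dict)
    last_thread = None  # "%% Invalidated" lines carry no thread name
    for line in log_text.splitlines():
        line = line.strip()
        if m := FATAL.match(line):
            last_thread = m["thread"]
            findings[last_thread].update(alert_code=int(m["code"]), reason=m["reason"])
        elif (m := INVALIDATED.match(line)) and last_thread:
            # Attribute the invalidated session to the thread that just failed.
            findings[last_thread]["cipher_suite"] = m["suite"]
        elif m := ALERT.match(line):
            findings[m["thread"]].update(protocol=m["proto"], alert=m["desc"])
    for finding in findings.values():
        # "null cert chain": the server required a client certificate and the
        # Certificate message it received from the TLS peer was empty.
        finding["client_cert_missing"] = finding.get("reason") == "null cert chain"
    return dict(findings)


if __name__ == "__main__":
    for thread, finding in triage(SAMPLE_LOG).items():
        print(thread, finding)
```

A `client_cert_missing` finding means the connection that reached the service carried no client certificate at all, which is a different problem from a certificate that was presented and rejected.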

See the following article:

https://support.cloudflare.com/hc/en-us/articles/115000088491-Cloudflare-TLS-Client-Auth

Unfortunately,

Who is TLS Client Auth available for?
TLS Client Auth is available for Enterprise Cloudflare customers.
