keytool -genkey -keystore client.keystore -validity 3650 -keyalg RSA -keysi

1. keytool -genkey -keystore client.keystore -validity 3650
2. -keyalg RSA -keysize 4096 -storetype pkcs12 -alias myClient
3.  
4. keytool -exportcert -keystore client.keystore -alias myClient
5. -storetype pkcs12 -file myClient.crt
6.  
7. keytool -import -file myClient.crt
8. -keystore /etc/pki/wildfly/client.truststore
9.  
10. <security-realm name="UndertowRealm">
11. <server-identities>
12. <ssl>
13. <keystore path="/etc/pki/wildfly/server.keystore" keystore-password="123456" alias="server" key-password="123456"/>
14. </ssl>
15. </server-identities>
16. <authentication>
17. <truststore path="/etc/pki/wildfly/client.truststore" keystore-password="123456"/>
18. <local default-user="$local" skip-group-loading="true"/>
19. <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
20. </authentication>
21. </security-realm>
22. ...
23. <subsystem xmlns="urn:jboss:domain:undertow:2.0">
24. <server name="default-server">
25. <https-listener name="https" socket-binding="https" security-realm="UndertowRealm" verify-client="REQUIRED"/>
26. ...
27. </server>
28. </subsystem>
29.  
30. keytool -v -importkeystore -srckeystore client.keytool
31. -srcalias myClient -destkeystore myClient.key.tmp.pem
32. -deststoretype PKCS12 -destkeypass 123456
33.  
34. openssl pkcs12 -in myClient.key.tmp.pem -nocerts
35. -nodes > myClient.key.pem
36.  
37. 2016-10-31 09:50:55,102 DEBUG [io.undertow.request.io] (default I/O-1) Error reading request: javax.net.ssl.SSLException: Received fatal alert: unknown_ca
38. at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
39. at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666)
40. at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634)
41. at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1800)
42. at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1083)
43. at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907)
44. at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
45. at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
46. at org.xnio.ssl.JsseSslConduitEngine.engineUnwrap(JsseSslConduitEngine.java:688)
47. at org.xnio.ssl.JsseSslConduitEngine.unwrap(JsseSslConduitEngine.java:620)
48. at org.xnio.ssl.JsseSslConduitEngine.unwrap(JsseSslConduitEngine.java:574)
49. at org.xnio.ssl.JsseSslStreamSourceConduit.read(JsseSslStreamSourceConduit.java:89)
50. at org.xnio.conduits.ConduitStreamSourceChannel.read(ConduitStreamSourceChannel.java:127)
51. at io.undertow.server.protocol.http.HttpReadListener.handleEventWithNoRunningRequest(HttpReadListener.java:150)
52. at io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:128)
53. at io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:56)
54. at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
55. at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
56. at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:88)
57. at org.xnio.nio.WorkerThread.run(WorkerThread.java:539)