Rodrigo,

To add a little more to Upul's solution: when your client creates their
keystore, they will have to specify a password for the keystore, and then
use that password as the value for the javax.net.ssl.trustStorePassword
property.

And a question for Upul: I think that the client does not actually need the
server public key certificate, only a trusted certificate for the
certificate authority that signed the server certificate.
Is that right?

Thanks,
Steve

"Upul Godage" <[EMAIL PROTECTED]> wrote on 05/12/2008 09:34:05 AM:
> You should only export your certificate and give it to the clients.
> You should not give out your keystores.
>
> keytool -keystore .keystore -export -alias yourname -file yourname.cer
>
> Then the client can import this certificate to their keystore and use it.
>
> keytool -keystore .trustStore -import -file yourname.cer
>
> Upul
>
>
> On Mon, May 12, 2008 at 6:13 PM, Asensio, Rodrigo <rodrigo.
> [EMAIL PROTECTED]> wrote:
> Hello, I'm developing a web service that runs over HTTPS. I have made it
> run successfully (1-way SSL), but I have a couple of questions about best
> practices.
>
> My Company has a .keystore file in the tomcat server with a password
> "somepass".
>
> I published the webservice and tried using this code in the beginning of
> my snippet:
>
> System.setProperty("javax.net.ssl.trustStore",
> "C:/software/tomcat6/bin/.keystore");
>
> System.setProperty("javax.net.ssl.trustStorePassword","somepass");
>
> Since my customer has to do this, I have to give him the password to do
> the authentication. I think he is doing the client in .NET.
> Should I give him the trustStore file and password?
>
> Thank you
>
> Rodrigo
> www.rodrigoasensio.com
>
Steve Gruverman, Programmer
IntelliCare, Inc. | A Medco Health Solutions Company