RE: how to use client ssl certificates??

[Leo de Blaauw]

Title: how to use client ssl certificates??

Hmm, Yes i figured something like that, unfortunately... We are using the IBM implementation of jsse(ibmjsse.jar) wich we had a fair deal of problems with allready in dealing with client certificates under websphere 5... Maybe one option would be to have two different clients each with their own certificate store, but i am sure the certificate store gets cached somewhere under the hood as well so you would have to make sure they use different vm's with each their own certificate store i think ?? The ibm classes allready differ slightly here and there from the sun implementation, we found that out the hard way....with stuff working fine under the sun implementation and just plain failing under the ibm implementation...   So not sure wich route to take at this time, any suggestions very much appreciated and if i find out a solution i will also post it here as well. Pankaj, thanks for the pointers so far ! Greetings, Leo -----Oorspronkelijk bericht----- Van: Pankaj Kumar [mailto:[EMAIL PROTECTED] Verzonden: dinsdag, oktober 2003 4:44 Aan: [EMAIL PROTECTED] Onderwerp: Re: how to use client ssl certificates?? You are right that under the hood Java takes the first found client certificate from the keystore (BTW, cacerts file is usually used for storing certificates of trusted CAs and not client certificate). You can override the default behavior by writing your own Keymanager class and installing that as the default. Refer to JSSE guide at http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html for details.   Pankaj Kumar http://www.j2ee-security.net ----- Original Message ----- From: Leo de Blaauw To: [EMAIL PROTECTED] Apache. Org (E-mail) Sent: Monday, October 13, 2003 7:05 AM Subject: how to use client ssl certificates?? Hi all, Has anybody succesfully tried to use different ssl client certificates from one axis generated client ? What we have right now works fine for the one client certificate to send a message to a .NET based webservice from an axis generated client. It seems however that under the hood java takes the first found client certificate from the cacerts file we use.. Is there any way at a lower level to influence wich client certificate gets presented during the connection setup ? Sincere greetings Leo de Blaauw De informatie verzonden met dit e-mail bericht is uitsluitend bestemd voor de geadresseerde. Openbaarmaking, vermenigvuldiging, verspreiding en/of verstrekking van deze informatie aan derden is niet toegestaan. Indien dit bericht niet voor u bestemd is, verzoeken wij u vriendelijk dit bericht te retourneren zodat dit in de toekomst kan worden voorkomen. Ondanks het feit dat IZA Nederland al haar e-mail berichten controleert op virussen, staat zij niet in voor het virusvrij verzenden c.q. ontvangen van deze berichten. De informatie verzonden met dit e-mail bericht is uitsluitend bestemd voor de geadresseerde. Openbaarmaking, vermenigvuldiging, verspreiding en/of verstrekking van deze informatie aan derden is niet toegestaan. Indien dit bericht niet voor u bestemd is, verzoeken wij u vriendelijk dit bericht te retourneren zodat dit in de toekomst kan worden voorkomen. Ondanks het feit dat IZA Nederland al haar e-mail berichten controleert op virussen, staat zij niet in voor het virusvrij verzenden c.q. ontvangen van deze berichten.