Jian,

I'm afraid you cannot. Not even at the SSL level can you do this, unless you write your own KeyManager.

When the SSL connection is made, the server will send a list of Issuer DNs which are acceptable, so that the client will decide this way which cert he can present (the decision is also based on algorithms I think). If there is more than one possible cert to use, you don't have control over which is selected.

If you control the server-side, then you could remove the root CAs from the trustStore to leave only 1, thereby forcing the client to select the cert issued by that CA. If, however, your client has 2 certs from the same CA, then again... you don't have the control you want.

For more information, follow a thread I started in this list on Dec 17 2003, called "SecureSocketFactory pluggability?". I have the same problem.

Good luck,
Stuart

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday 10 February 2004 20:53
To: [EMAIL PROTECTED]
Subject: how to sepcify certificate alias

I have two applications that access a web service. We use HTTPS for authentication and encryption. We can get these applications to access the service with one certificate stored in one keystore file, but we want them to use two different certificates. The two certificates can be saved in one keystore file. Both applications run inside the same application server instance (JVM).

The problem is that we can use a system property to specify where the keystore file is, but I cannot find in the JSSE documentation how a certificate alias is specified to tell which application is using which certificate.

Any idea?

Thanks
Jian
