You are right. Based on your email and Stuart's, KeyManager is one
possibility to tackle the problem.
I'll see whether I can use the other alternative from Stuart about using
different CA. I want to keep my code
clean from any security logic if possible.
Thanks a lot, Resonses from you and Stuart are really appreciated.
JIan
Leo de Blaauw
<[EMAIL PROTECTED] To: "'[EMAIL PROTECTED]'"
<[EMAIL PROTECTED]>
> cc:
Subject: RE: how to sepcify
certificate alias
11/02/2004 09:16
AM
Please respond to
axis-user
Well,
Just in short we went trough a whole discussion with IBM and apparently its
not that common to want
to do this from code. They come the suggestion pretty quick to write your
own keymanager, wich is
really not that difficult. I just havent found the time nor a way to send a
param from axis to this custom
keymanager class to instruct it what certificate alias to use ? It seems to
be uncharted teritories as i
have discovered the hard way...
Greetz
Leo
-----Oorspronkelijk bericht-----
Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Verzonden: woensdag, februari 2004 15:13
Aan: [EMAIL PROTECTED]
CC: '[EMAIL PROTECTED]'
Onderwerp: RE: how to sepcify certificate alias
We are using IBM implementation.
We want to deploy two applications into the same JVM and what we have done
so far is
to define the system properties directly as JVM parameters. So both
applications share the
same system properties, and hence the same keystore file path.
Even we put these definitions into the application code, I think that won't
work either
because the second application that runs the code for setting system
properties will
change the system properties values set by the first application at run
time (the first
application refers to the application that runs the system properties
values setting code first).
I really do not understand how come JSSE does not allow specifying the
alias
while the keystore file can store multiple certificates.
Thanks for the comments.
Jian
Leo de Blaauw
<[EMAIL PROTECTED] To:
"'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> cc:
Subject: RE: how to sepcify
certificate alias
11/02/2004 02:44
AM
Please respond to
axis-user
Hi,
Well the short answer is it depends on the ssl library you use, for
instance sun or ibm.
Both, as far as i know, dont allow you to do this out of the box. In my
experience they
they both take the first client certificate found in the key store. We just
use a different
key store per client. You could write your own keymanager class wich
subclasses the
keymanager of your ssl implementation, but i have not found a working way
yet on
using that from within axis.
Greetz
Leo
-----Oorspronkelijk bericht-----
Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Verzonden: dinsdag, februari 2004 20:53
Aan: [EMAIL PROTECTED]
Onderwerp: how to sepcify certificate alias
I have two applications that access a web service. We use HTTPS for
authenticatoin and encryption.
We can get these applications access the service with one certificate
stored in one keystore file,
but we want them to use two different certificats. The two certificates can
be saved in one keystore file.
Both applications run inside the same application server instance (JVM).
The problem is that we can use system property to specify where the
keystore file is, but I can not find
in JSSE document how a certificate alias is specified to tell which
applicaiton is using which certificate.
Any idea?
Thanks
Jian
De informatie verzonden met dit e-mail bericht is uitsluitend bestemd voor
de
geadresseerde. Openbaarmaking, vermenigvuldiging, verspreiding en/of
verstrekking
van deze informatie aan derden is niet toegestaan. Indien dit bericht niet
voor u
bestemd is, verzoeken wij u vriendelijk dit bericht te retourneren zodat
dit in de
toekomst kan worden voorkomen. Ondanks het feit dat IZA Nederland al haar
e-mail
berichten controleert op virussen, staat zij niet in voor het virusvrij
verzenden c.q.
ontvangen van deze berichten.
De informatie verzonden met dit e-mail bericht is uitsluitend bestemd voor
de
geadresseerde. Openbaarmaking, vermenigvuldiging, verspreiding en/of
verstrekking
van deze informatie aan derden is niet toegestaan. Indien dit bericht niet
voor u
bestemd is, verzoeken wij u vriendelijk dit bericht te retourneren zodat
dit in de
toekomst kan worden voorkomen. Ondanks het feit dat IZA Nederland al haar
e-mail
berichten controleert op virussen, staat zij niet in voor het virusvrij
verzenden c.q.
ontvangen van deze berichten.
