I use
a different alias for each certificate and it is working. I have about 10
certificates in the trust store file and the client can talk to each of those
server.
Soniya
-----Original Message-----
From: bethana kumar [mailto:[EMAIL PROTECTED]
Sent: Τετάρτη, 11 Φεβρουαρίου 2004 12:08 μμ
To: [EMAIL PROTECTED]
Subject: RE: how to sepcify certificate aliasHiI really do not understand how come JSSE does not allow specifying the
alias
while the keystore file can store multiple certificates
U can give different alias name for each certificate....if u give different names then we can store multiple certfictes in same keystore.
Why dont u read application specific parameters from web.xml...we have done this type ..
what we made is that in our web.xml we made CERTIFICATE FILE as a key and its values are different for different application
Ex: CERTIFICATE FILE= ../webapps/location/WEB-INF/dialogsKeystore.bin../webapps/location/WEB-INF/dialogsKeystore.bin
passPhrase="abcd"; //password for this keystore.
here dialogsKeystore.bin contains all certificates relevant to this application.
In your code u can write like this
Security.setProperty("javax.net.ssl.trustStore",CERTIFICATEFILE);
Security.setProperty("javax.net.ssl.trustStorePassword",passPhrase);
[EMAIL PROTECTED] wrote:
We are using IBM implementation.
We want to deploy two applications into the same JVM and what we have done
so far is
to define the system properties directly as JVM parameters. So both
applications share the
same system properties, and hence the same keystore file path.
Even we put these definitions into the application code, I think that won't
work either
because the second application that runs the code for setting system
properties will
change the system properties values set by the first application at run
time (the first
application refers to the application that runs the system properties
values setting code first).
I really do not understand how come JSSE does not allow specifying the
alias
while the keystore file can store multiple certificates.
Thanks for the comments.
Jian
Leo de Blaauw
<[EMAIL PROTECTED] To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> cc:
Subject: RE: how to sepcify certificate alias
11/02/2004 02:44
AM
Please respond to
axis-user
Hi,
Well the short answer is it depends on the ssl library you use, for
instance sun or ibm.
Both, as far as i know, dont allow you to do this out of the box. In my
experience they
they both take the first client certificate found in the key store. We just
use a different
key store per client. You could write your own keymanager class wich
subclasses the
keymanager of your ssl implementation, but i have not found a working way
yet on
using that from within axis.
Greetz
Leo
-----Oorspronkelijk bericht-----
Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Verzonden: dinsdag, februari 2004 20:53
Aan: [EMAIL PROTECTED]
Onderwerp: how to sepcify certificate alias
I have two applications that access a web service. We use HTTPS for
authenticatoin and encryption.
We can get these applications access the service with one certificate
stored in one keystore file,
but we want them to use two different certificats. The two certificates can
be saved in one keystore file.
Both applications run inside the same application server instance (JVM).
The problem is that we can use system property to specify where the
keystore file is, but I can not find
in JSSE document how a certificate alias is specified to tell which
applicaiton is using which certificate.
Any idea?
Thanks
Jian
De informatie verzonden met dit e-mail bericht is uitsluitend bestemd voor
de
geadresseerde. Openbaarmaking, vermenigvuldiging, verspreiding en/of
verstrekking
van deze informatie aan derden is niet toegestaan. Indien dit bericht niet
voor u
bestemd is, verzoeken wij u vriendelijk dit bericht te retourneren zodat
dit in de
toekomst kan worden voorkomen. Ondanks het feit dat IZA Nederland al haar
berichten controleert op virussen, staat zij niet in voor het virusvrij
verzenden c.q.
ontvangen van deze berichten.
Do you Yahoo!?
Yahoo! Finance: Get your refund fast by filing online
