I can give different aliases to different certificates.
The problem is that the first one that the CA recognizes will be taken, no matter which client is accessing the server.
How did you tell the implementation the alias value?
I went to the bookstore and found it in the book "J2EE Security" by Pankaj Jumar. The book basically said that with the default implementation, you cannot:
1) use a different password from the keystore file for a certificate
2) the first "valid" certificate (from the CA on the server side) will be picked up by the default implementation.
The second one or any other one doesn't have a chance to be used.
The solution is to implement the KeyManager and KeyManagerFactory.
From: "Shah, Soniya M. [RA]" <[EMAIL PROTECTED].com>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
cc:
Subject: RE: how to specify certificate alias
Date: 11/02/2004 12:44 PM
Please respond to axis-user
I use a different alias for each certificate and it is working. I have about 10 certificates in the trust store file and the client can talk to each of those servers.
Soniya
-----Original Message-----
From: bethana kumar [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 11 February 2004 12:08 PM
To: [EMAIL PROTECTED]
Subject: RE: how to specify certificate alias
Hi
I really do not understand how come JSSE does not allow specifying the alias while the keystore file can store multiple certificates
U can give different alias name for each certificate....if u give different names then we can store multiple certificates in same keystore.
Why don't u read application specific parameters from web.xml...we have done this type ..
what we made is that in our web.xml we made CERTIFICATE FILE as a key and its values are different for different application
Ex: CERTIFICATE FILE= ../webapps/location/WEB-INF/dialogsKeystore.bin
passPhrase="abcd"; //password for this keystore.
here dialogsKeystore.bin contains all certificates relevant to this application.
In your code u can write like this
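// JSSE reads the javax.net.ssl.* settings as JVM system properties,
// so they are set through System rather than java.security.Security.
System.setProperty("javax.net.ssl.trustStore",CERTIFICATEFILE);
System.setProperty("javax.net.ssl.trustStorePassword",passPhrase);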
[EMAIL PROTECTED] wrote:
We are using IBM implementation.
We want to deploy two applications into the same JVM and what we have done so far is to define the system properties directly as JVM parameters. So both applications share the same system properties, and hence the same keystore file path.
Even if we put these definitions into the application code, I think that won't work either because the second application that runs the code for setting system properties will change the system properties values set by the first application at run time (the first application refers to the application that runs the system properties values setting code first).
I really do not understand how come JSSE does not allow specifying the alias while the keystore file can store multiple certificates.
Thanks for the comments.
Jian
From: Leo de Blaauw
cc:
Subject: RE: how to specify certificate alias
Date: 11/02/2004 02:44 AM
Please respond to axis-user
Hi,
Well the short answer is it depends on the ssl library you use, for instance sun or ibm. Both, as far as I know, don't allow you to do this out of the box. In my experience they both take the first client certificate found in the key store. We just use a different key store per client. You could write your own keymanager class which subclasses the keymanager of your ssl implementation, but I have not found a working way yet on using that from within axis.
Greetz
Leo
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 2004 20:53
To: [EMAIL PROTECTED]
Subject: how to specify certificate alias
I have two applications that access a web service. We use HTTPS for authentication and encryption.
We can get these applications to access the service with one certificate stored in one keystore file, but we want them to use two different certificates. The two certificates can be saved in one keystore file.
Both applications run inside the same application server instance (JVM).
The problem is that we can use a system property to specify where the keystore file is, but I cannot find in the JSSE document how a certificate alias is specified to tell which application is using which certificate.
Any idea?
Thanks
Jian