Yes My own investigation suggested that solution, still no way how to specify trough axis to pass on the variable with the alias to the keymanager though ?? Let me know if you come up with a solution to that one.
Greetz leo ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, February 11, 2004 7:08 PM Subject: RE: how to sepcify certificate alias > > > I can give different aliases to different certificates. > The problem is that the first one that CA recognize will be taken no matter > which client is accessing the server. > > How did you tell the implemenation the alias value? > > I went to the bookstore and found in the book "J2EE Security" by Pankaj > Jumar. The book basically said that > with the default implementation, you can not: > 1) use different password from the keystore file for certificate > 2) the first "valid" certificate (from the CA on the server side) will be > picked up by the default implementation. > The second one or any other one doesn't have a chance to be used. > > The solution is to implement the KeyManager and KeyManagerFactory. > > > > > > "Shah, Soniya M. > [RA]" To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> > <[EMAIL PROTECTED] cc: > .com> Subject: RE: how to sepcify certificate alias > > 11/02/2004 12:44 > PM > Please respond to > axis-user > > > > > > > > I use a different alias for each certificate and it is working. I have > about 10 certificates in the trust store file and the client can talk to > each of those server. > > Soniya > -----Original Message----- > From: bethana kumar [mailto:[EMAIL PROTECTED] > Sent: Τετάρτη, 11 Φεβρουαρίου 2004 12:08 μμ > To: [EMAIL PROTECTED] > Subject: RE: how to sepcify certificate alias > > Hi > I really do not understand how come JSSE does not allow specifying > the > alias > while the keystore file can store multiple certificates > > > > > > U can give different alias name for each certificate....if u give > different names then we can store multiple certfictes in same > keystore. > > > > > > Why dont u read application specific parameters from web.xml...we > have done this type .. > > > what we made is that in our web.xml we made CERTIFICATE FILE as a > key and its values are different for different application > > > Ex: CERTIFICATE FILE= > ../webapps/location/WEB-INF/dialogsKeystore.bin../webapps/location/WEB-INF/d ialogsKeystore.bin > > > passPhrase="abcd"; //password for this keystore. > > > here dialogsKeystore.bin contains all certificates relevant to this > application. > > > In your code u can write like this > > > Security.setProperty("javax.net.ssl.trustStore",CERTIFICATEFILE); > > > Security.setProperty("javax.net.ssl.trustStorePassword",passPhrase); > > > > > > > > [EMAIL PROTECTED] wrote: > > We are using IBM implementation. > > We want to deploy two applications into the same JVM and what we > have done > so far is > to define the system properties directly as JVM parameters. So both > applications share the > same system properties, and hence the same keystore file path. > > Even we put these definitions into the application code, I think > that won't > work either > because the second application that runs the code for setting system > properties will > change the system properties values set by the first application at > run > time (the first > application refers to the application that runs the system > properties > values setting code first). > > I really do not understand how come JSSE does not allow specifying > the > alias > while the keystore file can store multiple certificates. > > Thanks for the comments. > > Jian > > > > > > Leo de Blaauw > > > cc: > Subject: RE: how to sepcify certificate alias > 11/02/2004 02:44 > AM > Please respond to > axis-user > > > > > > > Hi, > > > Well the short answer is it depends on the ssl library you use, for > instance sun or ibm. > Both, as far as i know, dont allow you to do this out of the box. In > my > experience they > they both take the first client certificate found in the key store. > We just > use a different > key store per client. You could write your own keymanager class wich > subclasses the > keymanager of your ssl implementation, but i have not found a > working way > yet on > using that from within axis. > > > Greetz > Leo > > > -----Oorspronkelijk bericht----- > Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Verzonden: dinsdag, februari 2004 20:53 > Aan: [EMAIL PROTECTED] > Onderwerp: how to sepcify certificate alias > > > > > > I have two applications that access a web service. We use HTTPS for > authenticatoin and encryption. > We can get these applications access the service with one > certificate > stored in one keystore file, > but we want them to use two different certificats. The two > certificates can > > be saved in one keystore file. > Both applications run inside the same application server instance > (JVM). > > > The problem is that we can use system property to specify where the > keystore file is, but I can not find > in JSSE document how a certificate alias is specified to tell which > applicaiton is using which certificate. > > > > > > Any idea? > > > Thanks > > > Jian > > > > > > > > De informatie verzonden met dit e-mail bericht is uitsluitend > bestemd voor > de > geadresseerde. Openbaarmaking, vermenigvuldiging, verspreiding en/of > verstrekking > van deze informatie aan derden is niet toegestaan. Indien dit > bericht niet > voor u > bestemd is, verzoeken wij u vriendelijk dit bericht te retourneren > zodat > dit in de > toekomst kan worden voorkomen. Ondanks het feit dat IZA Nederland al > haar > e-mail > berichten controleert op virussen, staat zij niet in voor het > virusvrij > verzenden c.q. > ontvangen van deze berichten. > > > > > > > Do you Yahoo!? > Yahoo! Finance: Get your refund fast by filing online > > > > > > >
