Folks, I just spent over two weeks working extensively with SSL including mutual client/server authentication. As soon as I get a breathing moment I'll try to throw together a sample ClientAuthenticatingSocketFactory and have it added to the contrib package. However, as far as JSSE is concerned, there's really not much to be done. One just needs to setup a new SSL context with a defined set of key and trust managers. So, the real trick is actually being able to generate the required key store and trust store files, which involves good knowledge of public cryptography / Java keytool and optionally OpenSSL. The rest does not really take a PhD Stanford
Oleg On Wed, 2004-04-21 at 04:18, Michael Becke wrote: > Hi Steve, > > > To use client side certificates one needs to instantiate > > EasyX509TrustManager(KeyStore keystore) > > with a keystore that has had keystore.load(stream, password); called > > on it previously? > > Yes, this should work. You can also implement something custom of your > own. The only requirement is that you provide an instance of a > SecureProtocolSocketFactory to the Protocol. > > > Is there some example code for opening the keystore file and so forth? > > or are there > > APIs available that one could pass in a fully qualified path with > > passphrase for the > > client side cert file? > > There aren't any included in HttpClient. I suggest taking a look at > the JSSE docs, as they may include some more examples. Please let us > know if you discover any good examples. As always we also accept code > and documentation contributions :) > > Mike > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
