This is a pretty basic question but I haven't seen an answer (or maybe I'm just not googling the right thing). Can a single JVM have multiple configured/initialized instances of CryptoManager?

Basically, I have an authentication service that supports PKI. Unfortunately I have two different CAs that issue certs. Each CA has an OCSP URL (for CRL check) and neither adds the OCSP URL to the AIA (Authority Information Access) of the ID certificate. Due to certain restrictions we are not permitted to download the CRL from the CAs and must use OCSP to validate the cert. The auth service supports hundreds of authentications per minute.

My thought was to create a CryptoManager instance for each CA with the CA-specific OCSP URL and cert nickname set. Since it is quite a lot of work to customize the auth service this way, I figured I would ask if this sort of configuration is feasible and if there might be a better option before I start hacking my way through it.

Appreciate any and all comments.

Thanks,
Robb

_______________________________________________
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto

