> > > here you have access to the certificate and this is the only place where
> > > you have a chance to see it, and if you want to store it for any other
> > > purpose then you need to extend server, cause certs are useless after
> > > establishing a secure channel.

Well that's untrue. The certificate can be used for user mapping, authorization, etc. This is VERY common in the HTTP world. In a servlet you can get the certificate, DN, etc. from the request object.
That being said, I have extended the server (http://sourceforge.net/p/myvd/code/HEAD/tree/trunk/MyVD/src/main/java/org/apache/directory/server/ldap/LdapServer.java), mainly so I can do custom SSL implementations so I can easily create a custom trust manager. The question becomes: how can I associate the cert I get from the trust manager to an LDAP session? Neither the trust manager nor the keystore actually has that context.

Thanks
Marc
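The HTTP-side pattern referred to above, as an added example that is not code from this thread, from MyVD or from ApacheDS: a servlet reads the client certificate the container has already verified during the TLS handshake via the standard `javax.servlet.request.X509Certificate` request attribute, re-checks the validity window, pulls the CN out of the subject DN with `LdapName`, and maps it to a role. It assumes the older `javax.servlet` API and a container configured for TLS client authentication; the `ROLE_BY_CN` table, the `mapped.role` attribute name and the class name are constructed for the example.

```java
import java.io.IOException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Added example (not code from the thread, MyVD or ApacheDS): a servlet that
 * reads the TLS client certificate the container has already verified, derives
 * the subject DN and CN, and uses them for authorization. The servlet never
 * performs TLS itself; it only reads the handshake result from the request.
 */
public class CertMappingServlet extends HttpServlet {

    /** Standard Servlet API attribute under which the container exposes the chain. */
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    /** Constructed mapping from certificate CN to application role (hypothetical). */
    private static final Map<String, String> ROLE_BY_CN = Map.of(
            "alice", "admin",
            "bob",   "reader");

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        X509Certificate[] chain = (X509Certificate[]) req.getAttribute(CERT_ATTR);
        if (chain == null || chain.length == 0) {
            // No client cert: the container did not request one or the client
            // declined. Treat the request as unauthenticated rather than guessing.
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "client certificate required");
            return;
        }
        X509Certificate leaf = chain[0]; // chain[0] is the client's own certificate
        try {
            // The container validated the chain against its trust store during the
            // handshake; re-check the validity window at the time of the request.
            leaf.checkValidity();
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "certificate not valid now");
            return;
        }
        String dn = leaf.getSubjectX500Principal().getName(); // RFC 2253 form
        String cn;
        try {
            cn = extractCn(dn);
        } catch (InvalidNameException e) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "unparseable subject DN");
            return;
        }
        String role = ROLE_BY_CN.get(cn);
        if (role == null) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "no mapping for " + cn);
            return;
        }
        // The DN/role pair now travels with the request for downstream authorization.
        req.setAttribute("mapped.role", role);
        resp.setContentType("text/plain");
        resp.getWriter().println("subject=" + dn + " cn=" + cn + " role=" + role);
    }

    /** Returns the value of the first CN RDN in an RFC 2253 DN string. */
    static String extractCn(String dn) throws InvalidNameException {
        for (Rdn rdn : new LdapName(dn).getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                return rdn.getValue().toString();
            }
        }
        throw new InvalidNameException("no CN in " + dn);
    }
}
```

The point of the example is the separation the servlet model gives you: trust decisions happen in the container's trust manager during the handshake, and the resulting certificate is handed to application code already bound to the request, which is exactly the per-session context the message above says is missing when the trust manager runs on its own.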
