> Well, if not through different stores, how can we let the KeyManager know
> what cert to use for this particular endpoint?

If I remember well, this is how it works: during the handshake, the server presents a list of trusted CAs to the client. The client then selects the certificate that is signed (directly or indirectly) by that CA and uses that to authenticate. I'm pretty sure this is what happens when you create a java.net.URL with the https scheme and call openConnection on it.

Since behind the scenes this uses an SSLContext, chances are high that it also works with our HTTPS transport (or that it would be pretty easy to make it work). Of course this only satisfies the requirement if the two endpoints use different CAs, which should be the usual case.

Andreas
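
One way to observe the selection described in this message, as an added example that is not part of the original mail or the project's code: the hypothetical class `IssuerLoggingKeyManager` wraps the default JSSE key manager built from a single keystore and logs the CA names the server listed together with the alias chosen for them. The keystore and its password are assumed to be supplied by the caller.

```java
import java.net.Socket;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.*;

/** Hypothetical helper: logs the CA names from the server's certificate request and the alias chosen. */
public final class IssuerLoggingKeyManager extends X509ExtendedKeyManager {
    private final X509ExtendedKeyManager delegate;
    private IssuerLoggingKeyManager(X509ExtendedKeyManager delegate) { this.delegate = delegate; }

    /** Builds an SSLContext over ONE keystore that holds the client keys for every endpoint. */
    public static SSLContext contextFor(KeyStore clientKeys, char[] password) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientKeys, password);
        KeyManager[] kms = kmf.getKeyManagers();
        for (int i = 0; i < kms.length; i++) {
            if (kms[i] instanceof X509ExtendedKeyManager) {
                kms[i] = new IssuerLoggingKeyManager((X509ExtendedKeyManager) kms[i]);
            }
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kms, null, null); // null trust managers and RNG: platform defaults
        return ctx;
    }

    // issuers holds the CA names the server listed; null or empty means it gave no hint.
    private String log(String[] keyTypes, Principal[] issuers, String alias) {
        System.err.println("server CAs=" + Arrays.toString(issuers)
                + " keyTypes=" + Arrays.toString(keyTypes) + " -> alias=" + alias);
        return alias;
    }

    @Override public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
        return log(keyType, issuers, delegate.chooseClientAlias(keyType, issuers, socket));
    }
    @Override public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine) {
        return log(keyType, issuers, delegate.chooseEngineClientAlias(keyType, issuers, engine));
    }
    @Override public String chooseServerAlias(String t, Principal[] i, Socket s) { return delegate.chooseServerAlias(t, i, s); }
    @Override public String chooseEngineServerAlias(String t, Principal[] i, SSLEngine e) { return delegate.chooseEngineServerAlias(t, i, e); }
    @Override public String[] getClientAliases(String t, Principal[] i) { return delegate.getClientAliases(t, i); }
    @Override public String[] getServerAliases(String t, Principal[] i) { return delegate.getServerAliases(t, i); }
    @Override public X509Certificate[] getCertificateChain(String alias) { return delegate.getCertificateChain(alias); }
    @Override public PrivateKey getPrivateKey(String alias) { return delegate.getPrivateKey(alias); }
}
```

Passing `contextFor(...).getSocketFactory()` to `HttpsURLConnection.setSSLSocketFactory` applies it to a connection opened from a `java.net.URL`. If the logged CA list is null or empty, the server sent no CA hint, and the log line shows which alias the default key manager fell back to.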
