No, I mean SSL with client authentication - i.e., rather than just the server authenticating itself to the client (by sending its server cert), both the client and the server authenticate with each other.
I did look at the code for the Simple HttpsServerHelper and it appears that it would be relatively simply to accomplish this. The main issue would be change the call to SLLContext.init() to include a TrustManagers along with the KeyManagers - along the lines of: sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory,getTrustManagers(), null); This would require some additional properties in order to be able to specify the location of the trust store and password along with specifying whether or not client authentication is not asked for at all; asked for but not required; or required. I suspect that a similar solution exists for the Servlet server helper if not all of the other helpers. --Chuck -----Original Message----- From: Jerome Louvel [mailto:[EMAIL PROTECTED] Sent: Friday, April 27, 2007 1:48 AM To: [email protected] Subject: RE: 2-way SSL authentication Chuck, Sorry I'm not sure I understand. Do you mean reusing the exact same SSL socket? Otherwise a single Restlet application can use an HTTPS server and client connector at the same time. But it seems that you are looking for more, right? Best regards, Jerome > -----Message d'origine----- > De : Chuck Hinson [mailto:[EMAIL PROTECTED] Envoyé : jeudi 26 > avril 2007 17:45 À : [email protected] Objet : 2-way SSL > authentication > > Does anyone know if it is possible to use Restlets in scenarios where > https with 2-way/client authentication is required (server-side and > client-side)? > > -Chuck > > ------------------------------------ > Chuck Hinson > Gestalt LLC > phone: 610.994.2833 > IM: chucking24 (Yahoo) >
