Thanks Oleg.
-----Original Message----- From: Oleg Kalnichevski [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 27, 2005 10:27 PM To: httpclient-user@jakarta.apache.org Subject: Re: SSL over HTTPClient On Mon, Dec 26, 2005 at 10:39:36PM +0530, Nishant Agrawal wrote: > Hi, > > > > I use a custom SecureProtocolSocketFactory, similar to the one at > http://svn.apache.org/viewcvs.cgi/jakarta/commons/proper/httpclient/trun > k/src/contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolS > ocketFactory.java?view=markup > > > I provde it a keystore and a truststore, and corresponding passwords. > > > > Now I do following : > > > > HostConfiguration hostConfig = new HostConfiguration(); > hostConfig.setHost("www.myurl.com", 443, myhttps); > > > > In keystore I have lot many aliases, how does API find which alias to be > used for this specific URL(www.myurl.com <http://www.myurl.com/> ). > > Nishant, The KeyStore#aliases() will give you an enumeration of all aliases in a keystore The KeyStore#getCertificateChain(String) will give you an array of certificates associated with a given alias. I _believe_ the trust manager factory will generate one trust manager per alias / certificate chain. It is usually sufficient that at least one trust manager will recognize a certificate chain as a valid one. -- If I send to 2 different servers (at 2 different URLs), -- how will implementation decide as to which manager to use, for present key-cert combo to each server. -- here I assume that each different server recognizes this same client application, by different identities. --For e.g.: --ClientApp has 2 keyManagers ---1. KeyManager_A ( key_a, certChain_a) ---2. KeyManager_b ( key_b, certChain_b) -- server_a identifies certChain_a only. -- server_b identifies certChain_b only. Hope this helps Oleg > > Regards, > > Nishant Agrawal > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
