I am in the process of adding some core functionality for
HTTPS authentication so that we can control our own CA certs
and Client Certs. I would like to know how I should organize
my files. I have the following files in process:

- Apache TrustStore (allows you to install CA certs dynamically)
- Apache KeyStore (allows you to install client certs dynamically--X509 based for simplicity)
- Apache KeyManager (allows you to select the proper client key--uses the store)
- Graphical elements like HttpAuth config extension (i.e. Certificate selection)

The TrustStore is a config element that adds CA certs to the CA keystore.
The KeyStore is a config element that adds client certs to the keystore. It
requires private keys or PKCS12 certs.
The KeyManager does the same as AuthManager (i.e. matching URL to key).
I believe the graphical elements are self-explanatory.

The biggest thing is that I need to hijack the SSLSocketFactory used by the
HTTPS system. The TrustStore, KeyStore, KeyManager all have to be set before
any sockets are created--so I need to know where it is best to place them.
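
The ordering constraint described in the message above, sketched with the standard JSSE API as an added example; it is not code from the original post or from the project under discussion. The class name, store file names, the `STORE_PASS` environment variable, the host name and the alias are all assumptions for illustration.

```java
import java.io.InputStream;
import java.net.Socket;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.net.ssl.*;

public class ClientCertSetup {
    // Delegating key manager: picks the client-cert alias mapped to the peer host,
    // falling back to the default selection when no mapping exists.
    static class HostKeyManager implements X509KeyManager {
        private final X509KeyManager base;
        private final Map<String, String> hostToAlias; // hypothetical host -> alias table
        HostKeyManager(X509KeyManager base, Map<String, String> hostToAlias) {
            this.base = base; this.hostToAlias = hostToAlias;
        }
        public String chooseClientAlias(String[] types, Principal[] issuers, Socket s) {
            String host = (s == null || s.getInetAddress() == null) ? null : s.getInetAddress().getHostName();
            String alias = host == null ? null : hostToAlias.get(host);
            return alias != null ? alias : base.chooseClientAlias(types, issuers, s);
        }
        public String chooseServerAlias(String t, Principal[] i, Socket s) { return base.chooseServerAlias(t, i, s); }
        public String[] getClientAliases(String t, Principal[] i) { return base.getClientAliases(t, i); }
        public String[] getServerAliases(String t, Principal[] i) { return base.getServerAliases(t, i); }
        public X509Certificate[] getCertificateChain(String a) { return base.getCertificateChain(a); }
        public PrivateKey getPrivateKey(String a) { return base.getPrivateKey(a); }
    }

    static KeyStore load(String type, String path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(path))) { ks.load(in, pw); }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        String env = System.getenv("STORE_PASS");           // assumed variable name
        if (env == null) throw new IllegalStateException("STORE_PASS is not set");
        char[] pw = env.toCharArray();
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load("PKCS12", "client-certs.p12", pw), pw); // placeholder file: client certs + private keys
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load("JKS", "ca-certs.jks", pw));            // placeholder file: trusted CA certs only
        KeyManager km = new HostKeyManager((X509KeyManager) kmf.getKeyManagers()[0],
                Map.of("secure.example.test", "client-a"));   // constructed sample mapping
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] { km }, tmf.getTrustManagers(), null);
        // Must run before the first HTTPS connection is opened: later connections use this factory.
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
    }
}
```

Passing the `TrustManagerFactory` output unchanged keeps normal chain validation in place, so only certificates issued by the loaded CAs are accepted.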