Hi,

Some answers are inlined:

> -----Original Message-----
> From: Jose María Zaragoza [mailto:[email protected]]
> Sent: Monday, 5 May 2014 21:32
> To: [email protected]
> Subject: CXF and client certs
> 
> Hello:
> 
> I've got 2 basic questions about client-cert authentication:
> 
> 1) According to the CXF documentation, I can set
> 
> <sec:keyManagers keyPassword="password">
>         <sec:keyStore type="JKS" password="password"
>                       file="my/file/dir/Morpit.jks"/>
> </sec:keyManagers>
> 
> What is the keyPassword in the sec:keyManagers element for?
 
keyPassword is the password protecting the private key in the keystore.
In the case of client authentication, you need access to the private key to
encrypt information during the SSL handshake in order to prove that you are
the holder of the key (the client proves that he holds the private key
corresponding to the certificate).

> 
> 2)
> 
> If I've got many client-certs in the same .jks file, how can I select the
> right client-cert to use?
> Should I create a different keystore for implementing this?

If you have more than one certificate in the keystore, you can use the
certAlias parameter in tlsClientParameters (or tlsServerParameters) to specify
which certificate should be used.

Regards,
Andrei.

> 
> 
> Thanks and regards

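Added example, not part of the original thread and not CXF code: a small JDK-only check that loads a JKS file with the store password, lists its entries, and reports which private keys the key password actually unlocks, so the alias to put in certAlias can be picked with confidence. The class name `KeystoreAliasCheck` and the command-line keystore path are assumptions made for illustration.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

/** Hypothetical helper: lists JKS entries and tests the key password per alias. */
public class KeystoreAliasCheck {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage (interactive terminal): KeystoreAliasCheck <file.jks>");
            System.exit(2);
        }
        // Prompt instead of taking passwords as arguments, so they do not
        // appear in the process list or shell history.
        char[] storePassword = console.readPassword("keyStore password: ");
        char[] keyPassword = console.readPassword("keyManagers keyPassword: ");

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePassword); // store password: verifies the file's integrity
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                // Certificate without a private key: cannot be used for client auth.
                System.out.println(alias + ": trusted certificate only");
                continue;
            }
            Certificate cert = ks.getCertificate(alias);
            String subject = (cert instanceof X509Certificate)
                    ? ((X509Certificate) cert).getSubjectX500Principal().getName()
                    : "(no X.509 certificate)";
            try {
                Key key = ks.getKey(alias, keyPassword); // key password: decrypts the private key
                System.out.println(alias + ": " + key.getAlgorithm()
                        + " key unlocked, subject=" + subject);
            } catch (UnrecoverableKeyException e) {
                System.out.println(alias + ": keyPassword does not unlock this key, subject="
                        + subject);
            }
        }
    }
}
```

An alias reported as "key unlocked" is a candidate for certAlias; one reported as not unlocked is protected by a different key password than the one supplied.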