2014-05-06 12:11 GMT+02:00 Andrei Shakirin <[email protected]>: > Hi, > > Some answers are inlined: > >> -----Original Message----- >> From: Jose María Zaragoza [mailto:[email protected]] >> Sent: Montag, 5. Mai 2014 21:32 >> To: [email protected] >> Subject: CXF and client certs >> >> Hello: >> >> I've got 2 basic questions about client-cert authentication: >> >> 1) According CXF documentation , I can set >> >> <sec:keyManagers keyPassword="password"> >> <sec:keyStore type="JKS" password="password" >> file="my/file/dir/Morpit.jks"/> </sec:keyManagers> >> >> What is the keyPassword in sec:keyManagers element for ? > > keyPassword is a password protecting private key in the keystore. > In case of client authentication, you need access to private key to encrypt > information by SSL handshake in order to prove holder of key (client proves > that he holds private key corresponded to certificate) > >> >> 2) >> >> If I've got many client-certs in the same .jks file , how I can select the >> right >> client-cert to use ? >> Should I create different keystore for implementing this ? > > If you have more than one certificate in keystore, you can use certAlias > parameter in tlsClientParameters (or tlsServerParameters) to specify which > certificate should be used. > > Regards, > Andrei. > >> >> >> Thanks and regards
Perfect. Thank you all
