• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Select a certificate from a keystore for client authentication

 
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am using axis web service with client side authentication using certificates. The keystore has multiple certificates, from those certificates I have to select a particular certificate to present to the server. Is there a way to select and specify ?
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello "shashank"-

You may have missed that we have a policy on screen names here at JavaRanch. Basically, it must consist of a first name, a space, and a last name. Since yours does not conform with it, please take a moment to change it, which you can do right here.

As to your question, are you using HTTP authentication or WS-Security authentication? If the former, how are you adding the certificate to the WS call?
If the latter, you can specify the username to be used, and based upon that the JVM will select the a certificate (assuming that you don't have several certificates for the same username). The sepecific depend on the SOAP toolkit you're using.
 
shashank shekhar
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
Sorry for not reading the naming policy.
I am using http based authentication and JSSE is used to create the SSL Socket. I am providing these parameters to specify keystore from which certificate has to be picked and presented -Djavax.net.ssl.keyStore="keystore.jks" -Djavax.net.ssl.keyStorePassword="somepassword"
What it does is pick the first certificate found in the keystore and present it for authentication. My question is if there are multiple certificates in the keystore, then is there any way in JSSE to specify which certificate is to be used?
 
Ranch Hand
Posts: 66
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Why dont you put your certificate in a separate keystore by itself and point to that keystore?
 
shashank shekhar
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It is a requirement from customer. They have a number of certificates and they don't want to manage them separately.
I have found a work around. I am creating a temperory keystore and loading only the required certificate to it.
KeyStore tempKstore = KeyStore.getInstance(keystoreType);
tempKstore.load(null);
tempKstore.setKeyEntry(certificateAlias, kstore.getKey(certificateAlias, keyPass.toCharArray()),
keyPass.toCharArray(), kstore.getCertificateChain(certificateAlias));
kstore = tempKstore;
 
reply
    Bookmark Topic Watch Topic
  • New Topic