axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Leo de Blaauw <ldebla...@iza.nl>
Subject RE: how to sepcify certificate alias
Date Wed, 11 Feb 2004 14:16:50 GMT
Well,

Just in short we went trough a whole discussion with IBM and apparently its
not that common to want
to do this from code. They come the suggestion pretty quick to write your
own keymanager, wich is 
really not that difficult. I just havent found the time nor a way to send a
param from axis to this custom
keymanager class to instruct it what certificate alias to use ? It seems to
be uncharted teritories as i 
have discovered the hard way...

Greetz
Leo

-----Oorspronkelijk bericht-----
Van: jzhang@symcor.com [mailto:jzhang@symcor.com]
Verzonden: woensdag, februari 2004 15:13
Aan: axis-user@ws.apache.org
CC: 'axis-user@ws.apache.org'
Onderwerp: RE: how to sepcify certificate alias



We are using IBM implementation.

We want to deploy two applications into the same JVM and what we have done
so far is
to define the system properties directly as JVM parameters. So both
applications share the
same system properties, and hence the same keystore file path.

Even we put these definitions into the application code, I think that won't
work either
because the second application that runs the code for setting system
properties will
change the system properties values set by the first application at run
time (the first
application refers to the application that runs the system properties
values setting code first).

I really do not understand how come JSSE does not allow specifying the
alias
while the keystore file can store multiple certificates.

Thanks for the comments.

Jian




 

                      Leo de Blaauw

                      <ldeblaauw@iza.nl        To:
"'axis-user@ws.apache.org'" <axis-user@ws.apache.org>

                      >                        cc:

                                               Subject:  RE: how to sepcify
certificate alias                                          
                      11/02/2004 02:44

                      AM

                      Please respond to

                      axis-user

 

 





Hi,


Well the short answer is it depends on the ssl library you use, for
instance sun or ibm.
Both, as far as i know, dont allow you to do this out of the box. In my
experience they
they both take the first client certificate found in the key store. We just
use a different
key store per client. You could write your own keymanager class wich
subclasses the
keymanager of your ssl implementation, but i have not found a working way
yet on
using that from within axis.


Greetz
Leo


-----Oorspronkelijk bericht-----
Van: jzhang@symcor.com [mailto:jzhang@symcor.com]
Verzonden: dinsdag, februari 2004 20:53
Aan: axis-user@ws.apache.org
Onderwerp: how to sepcify certificate alias





I have two applications that access a web service. We use HTTPS for
authenticatoin and encryption.
We can get these applications access the service with one certificate
stored in one keystore file,
but we want them to use two different certificats. The two certificates can

be saved in one keystore file.
Both applications run inside the same application server instance (JVM).


The problem is that we can use system property to specify where the
keystore file is, but I can not find
in JSSE document how a certificate alias is specified to tell which
applicaiton is using which certificate.





Any idea?


Thanks


Jian







De informatie verzonden met dit e-mail bericht is uitsluitend bestemd voor
de
geadresseerde. Openbaarmaking, vermenigvuldiging, verspreiding en/of
verstrekking
van deze informatie aan derden is niet toegestaan.  Indien dit bericht niet
voor u
bestemd is, verzoeken wij u vriendelijk dit bericht te retourneren zodat
dit in de
toekomst kan worden voorkomen. Ondanks het feit dat IZA Nederland al haar
e-mail
berichten controleert op virussen, staat zij niet in voor het virusvrij
verzenden c.q.
ontvangen van deze berichten.









De informatie verzonden met dit e-mail bericht is uitsluitend bestemd voor de 
geadresseerde. Openbaarmaking, vermenigvuldiging, verspreiding en/of verstrekking 
van deze informatie aan derden is niet toegestaan.  Indien dit bericht niet voor u 
bestemd is, verzoeken wij u vriendelijk dit bericht te retourneren zodat dit in de 
toekomst kan worden voorkomen. Ondanks het feit dat IZA Nederland al haar e-mail 
berichten controleert op virussen, staat zij niet in voor het virusvrij verzenden c.q. 
ontvangen van deze berichten.

Mime
View raw message