axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shah, Soniya M. [RA]" <ssh...@telcordia.com>
Subject RE: how to sepcify certificate alias
Date Wed, 11 Feb 2004 17:44:56 GMT
 
I use a different alias for each certificate and it is working. I have about
10 certificates in the trust store file and the client can talk to each of
those server.
 
Soniya

-----Original Message-----
From: bethana kumar [mailto:bethana_kumar@yahoo.com] 
Sent: Τετάρτη, 11 Φεβρουαρίου 2004 12:08 μμ
To: axis-user@ws.apache.org
Subject: RE: how to sepcify certificate alias


Hi
I really do not understand how come JSSE does not allow specifying the
alias
while the keystore file can store multiple certificates

 

U can give different alias name for each certificate....if u give different
names then we can store multiple certfictes in same keystore.

 

Why dont u read application specific parameters from web.xml...we have done
this type ..

what we made is that in our web.xml we made  CERTIFICATE FILE  as a key and
its values are different for different  application 

Ex: CERTIFICATE FILE=
../webapps/location/WEB-INF/dialogsKeystore.bin../webapps/location/WEB-INF/d
ialogsKeystore.bin

passPhrase="abcd"; //password for this keystore.

here dialogsKeystore.bin contains all certificates relevant to this
application.

In your code u can write like this

Security.setProperty("javax.net.ssl.trustStore",CERTIFICATEFILE);

Security.setProperty("javax.net.ssl.trustStorePassword",passPhrase);

 



jzhang@symcor.com wrote:


We are using IBM implementation.

We want to deploy two applications into the same JVM and what we have done
so far is
to define the system properties directly as JVM parameters. So both
applications share the
same system properties, and hence the same keystore file path.

Even we put these definitions into the application code, I think that won't
work either
because the second application that runs the code for setting system
properties will
change the system properties values set by the first application at run
time (the first
application refers to the application that runs the system properties
values setting code first).

I really do not understand how come JSSE does not allow specifying the
alias
while the keystore file can store multiple certificates.

Thanks for the comments.

Jian





Leo de Blaauw 

> cc: 
Subject: RE: how to sepcify certificate alias 
11/02/2004 02:44 
AM 
Please respond to 
axis-user 






Hi,


Well the short answer is it depends on the ssl library you use, for
instance sun or ibm.
Both, as far as i know, dont allow you to do this out of the box. In my
experience they
they both take the first client certificate found in the key store. We just
use a different
key store per client. You could write your own keymanager class wich
subclasses the
keymanager of your ssl implementation, but i have not found a working way
yet on
using that from within axis.


Greetz
Leo


-----Oorspronkelijk bericht-----
Van: jzhang@symcor.com [mailto:jzhang@symcor.com]
Verzonden: dinsdag, februari 2004 20:53
Aan: axis-user@ws.apache.org
Onderwerp: how to sepcify certificate alias





I have two applications that access a web service. We use HTTPS for
authenticatoin and encryption.
We can get these applications access the service with one certificate
stored in one keystore file,
but we want them to use two different certificats. The two certificates can

be saved in one keystore file.
Both applications run inside the same application server instance (JVM).


The problem is that we can use system property to specify where the
keystore file is, but I can not find
in JSSE document how a certificate alias is specified to tell which
applicaiton is using which certificate.





Any idea?


Thanks


Jian







De informatie verzonden met dit e-mail bericht is uitsluitend bestemd voor
de
geadresseerde. Openbaarmaking, vermenigvuldiging, verspreiding en/of
verstrekking
van deze informatie aan derden is niet toegestaan. Indien dit bericht niet
voor u
bestemd is, verzoeken wij u vriendelijk dit bericht te retourneren zodat
dit in de
toekomst kan worden voorkomen. Ondanks het feit dat IZA Nederland al haar
e-mail
berichten controleert op virussen, staat zij niet in voor het virusvrij
verzenden c.q.
ontvangen van deze berichten.








  _____  

Do you Yahoo!?
Yahoo! Finance: Get
<http://us.rd.yahoo.com/evt=22055/*http://taxes.yahoo.com/filing.html> your
refund fast by filing online


Mime
View raw message