tomcat-users mailing list archives

From Lau Eng Huat <tomcath...@gmail.com>
Subject truststore and keystore SSL
Date Sat, 17 Dec 2011 07:34:59 GMT
Hi Guys,

After I followed the instructions from
http://www.tomcatexpert.com/knowledge-base/using-openssl-configure-ssl-certificates-tomcat
I managed to:
1. install the certificates in Tomcat using APR
2. get the web browsers to accept the certificates

The question that I have now is how to get it to work with Apache
HttpClient components. I found that SSLSocketFactory has 4 constructors
of interest. They are:

1. SSLSocketFactory(KeyStore keystore, String keystorePassword)
2. SSLSocketFactory(KeyStore keystore, String keystorePassword, KeyStore truststore)
3. SSLSocketFactory(SSLContext sslContext)
4. SSLSocketFactory(SSLContext sslContext, X509HostnameVerifier hostnameVerifier)

Which one should I use, and what are the pros and cons of using it? If I use
the method in item 2, which of tomcathost.jks and trust.jks goes in the first
parameter and which in the 3rd parameter?

The other question is how to load certificates dynamically in Java. How do
I achieve this?
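An added example, not part of the original message: loading a truststore (and optionally a client keystore) at run time with JDK classes only, then building the `SSLContext` type that constructors 3 and 4 in the list above accept. The class name `ClientTlsContext`, the `extra-ca` alias and the command-line arguments are assumptions made for the illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example (JDK classes only); file paths and passwords come from the command line.
public class ClientTlsContext {
    // Load a JKS store from disk at run time.
    static KeyStore loadJks(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Add one PEM or DER certificate file to an already loaded truststore.
    static void trustCertificate(KeyStore truststore, String alias, String certPath) throws Exception {
        try (InputStream in = new FileInputStream(certPath)) {
            truststore.setCertificateEntry(alias,
                CertificateFactory.getInstance("X.509").generateCertificate(in));
        }
    }

    // truststore: certificates this client accepts from the server.
    // keystore: the client's own private key and chain, or null when the server
    // does not ask for client-certificate authentication.
    static SSLContext build(KeyStore truststore, KeyStore keystore, char[] keyPassword) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(truststore);
        KeyManagerFactory kmf = null;
        if (keystore != null) {
            kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keystore, keyPassword);
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf == null ? null : kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 2) { System.err.println("usage: <truststore.jks> <password> [ca-cert-file]"); return; }
        KeyStore trust = loadJks(args[0], args[1].toCharArray());
        if (args.length > 2) trustCertificate(trust, "extra-ca", args[2]);
        System.out.println("Built " + build(trust, null, null).getProtocol() + " context");
    }
}
```

Passing the store password as a command-line argument keeps the demo short; a deployed client would read it from protected configuration.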