Select a certificate from a keystore for client authentication

shashank shekhar
Greenhorn

Joined: Jan 18, 2008
Posts: 4
I am using an Axis web service with client-side authentication using certificates. The keystore has multiple certificates; from those certificates I have to select a particular certificate to present to the server. Is there a way to select and specify?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41571
Hello "shashank"-

You may have missed that we have a policy on screen names here at JavaRanch. Basically, it must consist of a first name, a space, and a last name. Since yours does not conform with it, please take a moment to change it, which you can do right here.

As to your question, are you using HTTP authentication or WS-Security authentication? If the former, how are you adding the certificate to the WS call?
If the latter, you can specify the username to be used, and based upon that the JVM will select a certificate (assuming that you don't have several certificates for the same username). The specifics depend on the SOAP toolkit you're using.


shashank shekhar
Greenhorn

Joined: Jan 18, 2008
Posts: 4
Hi,
Sorry for not reading the naming policy.
I am using HTTP-based authentication and JSSE is used to create the SSL socket. I am providing these parameters to specify the keystore from which the certificate has to be picked and presented: -Djavax.net.ssl.keyStore="keystore.jks" -Djavax.net.ssl.keyStorePassword="somepassword"
What it does is pick the first certificate found in the keystore and present it for authentication. My question is if there are multiple certificates in the keystore, then is there any way in JSSE to specify which certificate is to be used?
Cindy Jones
Ranch Hand

Joined: Oct 08, 2002
Posts: 66
Why don't you put your certificate in a separate keystore by itself and point to that keystore?
shashank shekhar
Greenhorn

Joined: Jan 18, 2008
Posts: 4
It is a requirement from customer. They have a number of certificates and they don't want to manage them separately.
I have found a workaround. I am creating a temporary keystore and loading only the required certificate to it.
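// Copy only the wanted key entry (private key + certificate chain) into an empty in-memory keystore.
KeyStore tempKstore = KeyStore.getInstance(keystoreType);
tempKstore.load(null); // initialise an empty keystore
tempKstore.setKeyEntry(certificateAlias, kstore.getKey(certificateAlias, keyPass.toCharArray()),
        keyPass.toCharArray(), kstore.getCertificateChain(certificateAlias));
// Use the single-entry keystore in place of the original one.
kstore = tempKstore;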
 
 