I am using axis web service with client side authentication using certificates. The keystore has multiple certificates, from those certificates I have to select a particular certificate to present to the server. Is there a way to select and specify ?
You may have missed that we have a policy on screen names here at JavaRanch. Basically, it must consist of a first name, a space, and a last name. Since yours does not conform with it, please take a moment to change it, which you can do right here.
As to your question, are you using HTTP authentication or WS-Security authentication? If the former, how are you adding the certificate to the WS call? If the latter, you can specify the username to be used, and based upon that the JVM will select the a certificate (assuming that you don't have several certificates for the same username). The sepecific depend on the SOAP toolkit you're using.
Hi, Sorry for not reading the naming policy. I am using http based authentication and JSSE is used to create the SSL Socket. I am providing these parameters to specify keystore from which certificate has to be picked and presented -Djavax.net.ssl.keyStore="keystore.jks" -Djavax.net.ssl.keyStorePassword="somepassword" What it does is pick the first certificate found in the keystore and present it for authentication. My question is if there are multiple certificates in the keystore, then is there any way in JSSE to specify which certificate is to be used?
Why dont you put your certificate in a separate keystore by itself and point to that keystore?
Joined: Jan 18, 2008
It is a requirement from customer. They have a number of certificates and they don't want to manage them separately. I have found a work around. I am creating a temperory keystore and loading only the required certificate to it. KeyStore tempKstore = KeyStore.getInstance(keystoreType); tempKstore.load(null); tempKstore.setKeyEntry(certificateAlias, kstore.getKey(certificateAlias, keyPass.toCharArray()), keyPass.toCharArray(), kstore.getCertificateChain(certificateAlias)); kstore = tempKstore;