
Can anyone please explain how I can have more than one X.509 certificate in my GlassFish application server? The main challenge for me is that GlassFish uses just one alias, which is 's1as'.

isaiah
  • Can you elaborate on the purpose of the additional certificates you want to use? Is that to use as an SSL client certificate? – TheArchitect Oct 07 '13 at 20:55
  • Sure, I have a couple of services on my GlassFish. These services will be invoking different external services which require SSL authentication, hence the additional certificates. – isaiah Oct 10 '13 at 17:41

1 Answer


You can pull additional certificates from external key files to create an SSLContext and then SSLSocketFactory, which you can feed into your external HTTPS calls.

E.g.:

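```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;

// Load the client certificate and private key from an external PKCS#12 file
KeyStore cKeyStore = KeyStore.getInstance("PKCS12");
try (InputStream clientCertKeyInput = new FileInputStream("my.pfx")) {
    cKeyStore.load(clientCertKeyInput, "password".toCharArray());
}
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(cKeyStore, "password".toCharArray());

SSLContext sslCtx = SSLContext.getInstance("TLS");
sslCtx.init(keyManagerFactory.getKeyManagers(),
            null, // default javax.net.ssl.trustStore
            new SecureRandom());

SSLSocketFactory sslSocketFactory = sslCtx.getSocketFactory();
```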

You may then configure an HttpsURLConnection with it:

```java
httpsConn.setSSLSocketFactory(sslSocketFactory);
```

Or if you're using JAXWS set it as a property of the BindingProvider's context:

```java
Map<String, Object> ctxt = ((BindingProvider) port).getRequestContext();
ctxt.put(JAXWSProperties.SSL_SOCKET_FACTORY, sslSocketFactory);
```

Hope this helps.

joergl
TheArchitect
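Going beyond the one-file-per-certificate case in the answer above, this added example (not part of the original answer) keeps several client certificates in a single PKCS#12 keystore and pins each outbound connection to one alias by wrapping the default key manager. The class name `AliasPinnedClientTls`, the method `forAlias`, and the keystore path, password and alias passed to it are hypothetical; it assumes every key entry shares the keystore password.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.Socket;
import java.security.*;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

/** Added example: pins outbound TLS client authentication to one keystore alias. */
public final class AliasPinnedClientTls {

    // ksPath, ksPass and alias are caller-supplied (hypothetical values).
    public static SSLSocketFactory forAlias(String ksPath, char[] ksPass, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(ksPath)) {
            ks.load(in, ksPass);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, ksPass);
        KeyManager[] kms = kmf.getKeyManagers();
        boolean pinned = false;
        for (int i = 0; i < kms.length; i++) {
            if (!(kms[i] instanceof X509ExtendedKeyManager)) continue;
            X509ExtendedKeyManager d = (X509ExtendedKeyManager) kms[i];
            // Fail at startup instead of silently connecting without a client certificate.
            if (d.getPrivateKey(alias) == null)
                throw new IllegalArgumentException("No usable private key for alias: " + alias);
            kms[i] = new Pinned(d, alias);
            pinned = true;
        }
        if (!pinned) throw new IllegalStateException("No X.509 key manager available");
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kms, null, null); // default trust managers and SecureRandom
        return ctx.getSocketFactory();
    }

    private static final class Pinned extends X509ExtendedKeyManager {
        private final X509ExtendedKeyManager d;
        private final String alias;
        Pinned(X509ExtendedKeyManager d, String alias) { this.d = d; this.alias = alias; }
        @Override public String chooseClientAlias(String[] t, Principal[] i, Socket s) { return alias; }
        @Override public String chooseEngineClientAlias(String[] t, Principal[] i, SSLEngine e) { return alias; }
        @Override public String[] getClientAliases(String t, Principal[] i) { return new String[] { alias }; }
        @Override public X509Certificate[] getCertificateChain(String a) { return d.getCertificateChain(a); }
        @Override public PrivateKey getPrivateKey(String a) { return d.getPrivateKey(a); }
        // This context is for outbound calls only, so it offers no server identity.
        @Override public String chooseServerAlias(String t, Principal[] i, Socket s) { return null; }
        @Override public String[] getServerAliases(String t, Principal[] i) { return null; }
    }
}
```

Each service builds its own factory with its own alias and passes it to `setSSLSocketFactory` or the JAX-WS request context as shown in the answer. The pinned key manager ignores the issuer and key-type hints in the server's certificate request, so a mismatched alias surfaces as a handshake failure rather than a fallback to another certificate.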