Can anyone please explain how i can have more than one X.509 Certificates in my GlassFish application server? The main challenge for me is that GlassFish uses just one alias which is 's1as'.
Asked
Active
Viewed 108 times
0
-
can you elaborate on the purpose of the additional certificates you want to use? Is that to use as an SSL client certificate? – TheArchitect Oct 07 '13 at 20:55
-
Sure, I have a couple of services on my GlassFish. These service will be invoking different external services which requires SSL authentication hence the additional certificates. – isaiah Oct 10 '13 at 17:41
1 Answers
1
You can pull additional certificates from external key files to create an SSLContext and then SSLSocketFactory, which you can feed into your external HTTPS calls.
E.g.:
KeyStore cKeyStore = KeyStore.getInstance("PKCS12");
try (InputStream clientCertKeyInput = new FileInputStream("my.pfx")) {
cKeyStore.load(clientCertKeyInput, "password".toCharArray());
}
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(cKeyStore, "password".toCharArray());
SSLContext sslCtx = SSLContext.getInstance("TLS");
sslCtx.init(keyManagerFactory.getKeyManagers(),
null, // default javax.net.ssl.trustStore
new SecureRandom());
SSLSocketFactory sslSocketFactory = sslCtx.getSocketFactory();
You may then configure an HttpsURLConnection with it:
httpsConn.setSSLSocketFactory(sslSocketFactory);
Or if you're using JAXWS set it as a property of the BindingProvider's context:
Map<String, Object> ctxt = ((BindingProvider) port).getRequestContext();
ctxt.put(JAXWSProperties.SSL_SOCKET_FACTORY, sslSocketFactory);
Hope this helps.
joergl
- 2,850
- 4
- 36
- 42
TheArchitect
- 2,161
- 1
- 12
- 16