My problem is as follows:
I need to make a trusted connection to a server in order to consume a couple of webservices. The catch is that the server manages profiles, and therefore some services are served only if requested as a specific user.
There are currently two user profiles, each one associated with a specific certificate (and each certificate is packed as individual .pfx files). In order to be able to make the secure connection with Java, I proceeded with importing both certificates into a keystore using keytool.
When I import each certificate into a new, individual keystore, everything works like a charm and I am able to successfully connect and consume the services. Of course, this results in me having two different keystores (for now, possibly 'n' if more user profiles arise in the future), and therefore I went ahead and imported both .pfx's into a single keystore.
This is where things start to go haywire: no matter which importing process I apply (and believe me I have tried quite a few, including unnecessary middle-steps like exporting to a .pem or a .der file first with OpenSSL), one of the user profiles always gets rejected by the server. Additionally, said rejection is always the same profile, no matter which one of the two I import first.
I should note that I paid special attention to the alias names (that was one of the first things I suspected), and went as far as explicitly declaring the source and destination aliases during the importation (with -srcalias and -destalias).
I am currently testing the resulting keystore(s) using SoapUI, and the only way I can get the problematic profile's certificate to work is with it being in its own individual keystore. I need them both to be in the same keystore.
Does anyone have a clue on how to proceed?
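An added diagnostic, not part of the question or of any answer to it: it loads the combined keystore, lists which aliases survived as private-key entries, prints the alias the JDK's default key manager would select on its own for client authentication, and then builds an SSLContext whose key manager presents one chosen alias regardless of that default. It uses only the JDK; the keystore path, password and alias are command-line placeholders, and it assumes the key entries share the keystore password.

```java
import javax.net.ssl.*;
import java.io.FileInputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class PinnedClientAlias {
    /** Delegates to the JDK key manager but always presents one fixed alias for client auth. */
    static final class AliasKeyManager extends X509ExtendedKeyManager {
        private final X509KeyManager delegate;
        private final String alias;
        AliasKeyManager(X509KeyManager d, String a) { this.delegate = d; this.alias = a; }
        @Override public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) { return alias; }
        @Override public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine) { return alias; }
        @Override public String[] getClientAliases(String keyType, Principal[] issuers) { return delegate.getClientAliases(keyType, issuers); }
        @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) { return delegate.chooseServerAlias(keyType, issuers, socket); }
        @Override public String[] getServerAliases(String keyType, Principal[] issuers) { return delegate.getServerAliases(keyType, issuers); }
        @Override public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
        @Override public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }
    }

    public static void main(String[] args) throws Exception {
        // Placeholders: args[0] = combined keystore, args[1] = its password (assumed to also
        // be the key-entry password), args[2] = the alias that must be presented.
        char[] pw = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(args[0])) { ks.load(in, pw); }
        // Step 1: confirm both profiles survived the import as private-key entries.
        for (String a : Collections.list(ks.aliases())) {
            X509Certificate c = (X509Certificate) ks.getCertificate(a);
            System.out.println(a + " keyEntry=" + ks.isKeyEntry(a) + " subject=" + c.getSubjectX500Principal());
        }
        // Step 2: see which alias the default key manager would pick for an RSA client cert.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        X509KeyManager jdk = (X509KeyManager) kmf.getKeyManagers()[0];
        System.out.println("default choice: " + jdk.chooseClientAlias(new String[] {"RSA"}, null, null));
        // Step 3: build an SSLContext that presents exactly the requested alias instead.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] { new AliasKeyManager(jdk, args[2]) }, null, null);
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
    }
}
```

Run it once per alias to compare what step 2 prints with the alias each profile needs; if they differ for one profile, the pinned context from step 3 lets the client present that profile from the shared keystore.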