SSL client authentication with multiple certificates

Hi,

When using SSL client authentication, I understand that the client certificate should be added to the client keystore, and we can specify which keystore to use.

But, still on the client side, how does JSSE know which certificate to pick from the keystore? What happens if there are several client certificates in the keystore? I did not find any way to specify the certificate alias to use. If I want to use several certificates from my client application, do I need to use several keystores?

I will greatly appreciate any comment or suggestion about that,

Thanks.

[597 byte] By [javaslya] at [2007-10-3 4:23:30]
# 1

See the API for javax.net.ssl.X509ExtendedKeyManager. This should tell you what happens. The server advises what cipher suites and CAs it will accept, the client knows what cipher suites it will accept; the strongest suite in common is selected, and a certificate with the appropriate key type and CA is selected. In other words the alias is selected based on the key types, not the other way around. There is no opportunity to use a specific keystore alias unless you want to go the whole nine yards and write your own KeyManager for the client, and having read this you probably have reversed your requirement anyway.

ejpa at 2007-7-14 22:25:48
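
The custom KeyManager route mentioned in reply #1, as an added example that is not part of the original thread: a wrapper around the default `X509ExtendedKeyManager` that always offers one configured alias for client authentication. The class name `FixedAliasKeyManager`, the helper `contextFor`, and the PKCS12 keystore type are assumptions made for this sketch.

```java
import java.io.InputStream;
import java.net.Socket;
import java.nio.file.*;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.*;

/** Hypothetical wrapper: pins client authentication to one keystore alias. */
public class FixedAliasKeyManager extends X509ExtendedKeyManager {
    private final X509ExtendedKeyManager delegate;
    private final String alias;

    FixedAliasKeyManager(X509ExtendedKeyManager delegate, String alias) {
        this.delegate = delegate;
        this.alias = alias;
    }

    // Offer the pinned alias only if its key algorithm is one the server asked for.
    // Returning null sends no certificate instead of silently using another entry.
    // The server's acceptable-issuer list is not checked in this sketch.
    private String pick(String[] keyTypes) {
        PrivateKey key = delegate.getPrivateKey(alias);
        return key != null && Arrays.asList(keyTypes).contains(key.getAlgorithm()) ? alias : null;
    }
    @Override public String chooseClientAlias(String[] kt, Principal[] issuers, Socket s) { return pick(kt); }
    @Override public String chooseEngineClientAlias(String[] kt, Principal[] issuers, SSLEngine e) { return pick(kt); }

    // Everything else is delegated unchanged to the default key manager.
    @Override public String[] getClientAliases(String kt, Principal[] i) { return delegate.getClientAliases(kt, i); }
    @Override public String[] getServerAliases(String kt, Principal[] i) { return delegate.getServerAliases(kt, i); }
    @Override public String chooseServerAlias(String kt, Principal[] i, Socket s) { return delegate.chooseServerAlias(kt, i, s); }
    @Override public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
    @Override public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }

    /** Builds an SSLContext whose client certificate is always the given alias. */
    static SSLContext contextFor(Path keystore, char[] password, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12"); // assumption: PKCS12 store, key password == store password
        try (InputStream in = Files.newInputStream(keystore)) { ks.load(in, password); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        X509ExtendedKeyManager base = (X509ExtendedKeyManager) kmf.getKeyManagers()[0];
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] { new FixedAliasKeyManager(base, alias) }, null, null); // default trust managers
        return ctx;
    }
}
```

One `SSLContext` per alias lets a single keystore hold several client certificates; sockets come from `contextFor(...).getSocketFactory()`.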
# 2
Thank you for the indications. Apparently, if several certificates match, then it takes the first one. So I guess I must use different keystores to store my certificates.
javaslya at 2007-7-14 22:25:48