> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
>
> 2. This is a bit off-topic, but maybe not so much.
> I want to use SSL with my Axis client. No problem here.
> I even managed to enable client authentication, everything
> runs ok. But how can I configure my system in order to
> use different client certificates when sending the request ?
> First of all, can I have more certificates in a keystore ?
> If so, how can I choose which one to send when creating the
> SSL socket ?
Certainly not off-topic :)
You can't select a particular key entry from a Java keystore by just
setting environment variables. You will have to do some programming at
the JSSE level.
As Axis or any JAX-RPC implementation doesn't expose APIs for connection
management ( rightly so ) and as of this writing, do not allow a programmer
to selecet the alias to be used in a keystore for selecting a specific
key entry, you can't really select a specific key entry.
However, Axis is an open source project and one could always modify the
source code to add new feature. So you can modify HTTPSender and add
a new API ( or even better, a new property string to be set on Call
object ) so that HTTPSender knows which alias to use. Look at JSSE
examples for how to do this.
Another interesting aspect is the validation/verification of the certificate
presented by the other end. In case of accessing a servlet by browser,
the verification is doen by the browser as per its verification
rules and prompting the user whenever something fails. Not so for a Java
client.
It would be interesting to see the Axis community reaction on this topic.
I, as JAX-RPC Expert Group member, have been pushing for inclusion of
some of these in JAX-RPC spec. maintenance release.
Pankaj Kumar
Web Services Architect
HP Middleware
http://www.pankaj-k.net
