Hi, To transform the client certificate into a java "keystore" file, you can try downloading "not-yet-commons-ssl-0.3.8.jar" and running a special command-line java program:
#1. Download from here: http://juliusdavies.ca/commons-ssl/download.html #2. Run command-line java utility as documented here: http://juliusdavies.ca/commons-ssl/utilities.html java -cp not-yet-commons-ssl-0.3.8.jar org.apache.commons.ssl.KeyStoreBuilder Once you've done that, AuthSSLProtocolSocketFactory is the ticket. Personally I have a tradition where I keep at most a single private key per keystore file. I never install 2 or more private keys in a single keystore file. Good luck! yours, Julius ps. Or you can leave the certificate alone as ".pkcs12", ".p12", or ".pfx". If your browser exports it with a name ending like that, it's probably fine. Just remember to tell Java that the "type" is "PKCS12" instead of "JKS", and java will treat it like a keystore file. On 7/24/07, Nathan Maves <[EMAIL PROTECTED]> wrote:
First off great product. My team is looking for a bit of help / direction in how to get a specific SSL connection to work. First off let me define the problem statement. We have a service that we need to send http post requests to. This request needs to send a digital id<http://www.verisign.com/products-services/security-services/pki/pki-application/email-digital-id/index.html>with the request. Ignore the fact that this type of certificate is normally used for securing email. This is what we have been told to use. The process to use this certificate is the following. Install the cert into a browser. Export this cert to the file system ( base64 cer file) Import this cert to Java Use the contributed code AuthSSLProtocolSocketFactory from the http://jakarta.apache.org/commons/httpclient/sslguide.html to open an SSL connection. First off has anyone ever done this? Are the above steps the correct path to take? Is there a better way? Side notes.... Once the cert is installed in a browser we can hit the mentioned service and it will prompt us to choose a cert to send. I actually think that the commons classes work perfect. I think are issue lies in how to properly import the cer file into a keystore. I am hoping that someone with some expertise might be on this alias. TIA, Nathan
-- yours, Julius Davies 604-251-3219 http://juliusdavies.ca/ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
