Hi,
I'm using HttpClient to connect to a target server via a proxy server. Both the
target host and the proxy host use TLS, but for TLS mutual authentication, each
has different server and client certificate requirements.
Is there a recommended or supported way to specify different KeyManagers and
TrustManagers for connections to each of these hosts?
In my case I'm using a tunneled and layered route, and a custom SSL context.
One possibility I'm thinking of is as follows:
1. Specify a different scheme (e.g., proxy-https instead of https) for the
proxy's HttpHost object, and
2. Register the scheme (proxy-https) in the Registry object with a
proxy-specific ConnectionSocketFactory, created using an SSLContext which is
initialized using proxy-specific KeyManagers and TrustManagers. This is in
addition to similarly registering the scheme https in the Registry with a
target-specific ConnectionSocketFactory.
However, it would be good to know a recommended or supported approach.
Thanks,
Rahul
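The two-scheme registry described in the message above, sketched as an added example; it is not part of the original post and is not presented as the project's recommended approach. It assumes HttpClient 4.x; the class name, key store file names, proxy host name and port are hypothetical placeholders.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.HttpHost;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;

public class PerHopTlsClient {  // hypothetical class name

    // One SSLContext per hop: the key store holds the client identity presented to that
    // hop, the trust store holds the CAs accepted for that hop's server certificate.
    static SSLContext context(String keyStorePath, String trustStorePath, char[] password) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStorePath, password), password);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStorePath, password));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    static CloseableHttpClient build(char[] password) throws Exception {
        // File names below are placeholders for the target-specific and proxy-specific stores.
        Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
            .register("https", new SSLConnectionSocketFactory(context("target-client.p12", "target-trust.p12", password)))
            .register("proxy-https", new SSLConnectionSocketFactory(context("proxy-client.p12", "proxy-trust.p12", password)))
            .build();
        // The port is given explicitly because the custom scheme has no well-known default port.
        HttpHost proxy = new HttpHost("proxy.example.internal", 8443, "proxy-https");
        return HttpClients.custom()
            .setConnectionManager(new PoolingHttpClientConnectionManager(registry))
            .setProxy(proxy)
            .build();
    }
}
```

Keeping the trust stores separate means a CA trusted only for the proxy cannot vouch for the target, and each hop is offered only the client certificate intended for it.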