Hi there.. i have a servlet,on a web application , that calls a webservice via https (on a separate .net environment) , i'm using rpc style with classic call.invoke().. Everything works great and without any problem but i've a big doubt. I'm using system.setProperty methods to set keystore,truststore,keystorepassword,truststore and so on. I think this solution is not very smart .When i will have to deploy another web application with https soap calls what will i have to do?? I don't think it will be very prudent to setProperty() again with different keystore path and password and overwrite jvm properties set by the first webapp.
so,the question is: is it possible to setting keystore and truststore just for the servlet scope without using system properties? I can make it for an https url connection SSLSocketFactory ssf; TrustManagerFactory tmf; KeyStore ks; FileInputStream fis; String pathKeyStore="C:\\client.keystore"; char[] passphrase = "keystorePassword".toCharArray(); fis=new FileInputStream(pathKeyStore); ks = KeyStore.getInstance("JKS"); ks.load(fis, passphrase); tmf = TrustManagerFactory.getInstance("SunX509"); tmf.init(ks); SSLContext ctx = SSLContext.getInstance("TLS"); ctx.init(null, tmf.getTrustManagers(), null); fis.close(); try { URL url = new URL("https://yourpage"); com.sun.net.ssl.HttpsURLConnection connection = (com.sun.net.ssl.HttpsURLConnection) url.openConnection(); ssf = ctx.getSocketFactory(); connection.setSSLSocketFactory(ssf); connection.connect(); System.out.println("Ok :" + connection.getURL()); ..but i don't know how make call.invoke() work ..the servlet throws "untrusted server chain" exception.. Any hints? Thanks in advance Michele