John said:
If you have one keyStore that has multiple client certificates in it
(say one for each HTTPS webserver that requires client authentication),
how does JSSE know which one of these certificates in the keystore to
send to the server?
Just as a followup ... I have found a solution:
1) The KeyStore class has a boolean variable initialized that first
needs to be true before you can call setKeyEntry(), and the only way to
set this to true is to call load().
2) Java's PKCS12 keystore implementation does not implement the store()
method. I therefore could not combine and "save" a new PKCS12 file.
3) The alternative that worked is to create a new JKS keystore using
keytool, load that in your Java program, then call setKeyEntry() for
each alias / Key / Certificate Chain that you have loaded on your
existing PKCS12 keystores ... then call store().
After that, you set up your KeyManagerFactory with the new JKS keystore and
set up an SSLContext with the KeyManagers from the KeyManagerFactory.
Then lastly, call
HttpsURLConnection.setDefaultSSLSocketFactory(sslcontext.getSSLSocketFactory());
When that is done, I was able to authenticate myself to webservers that
required SSL client authentication.
Regards,
John Salvo
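An added example in Java, not John's code, that carries out the merge he describes (copy every private-key entry from one or more PKCS12 files into a JKS keystore, store it, then build a KeyManagerFactory and SSLContext from it). It goes one step beyond the post to address the original question: the default X509KeyManager picks, for each handshake, the first alias whose key type matches and whose chain was issued by one of the CAs the server names in its CertificateRequest, so with several client certificates from the same issuer the wrong identity can be sent; the pinAlias wrapper below makes the choice explicit. The file paths, passwords and the alias name are placeholders, and the empty JKS store is initialised with load(null, ...) rather than a keytool-created file.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.net.Socket;
import java.security.Key;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509KeyManager;

public class ClientCertKeystoreMerge {

    /** Copies every private-key entry of the given PKCS12 files into a new JKS store and writes it out. */
    static KeyStore mergeIntoJks(String[] p12Paths, char[] p12Password,
                                 String jksPath, char[] jksPassword) throws Exception {
        KeyStore jks = KeyStore.getInstance("JKS");
        jks.load(null, jksPassword);            // load(null, ...) yields an empty, initialised store
        for (String path : p12Paths) {
            KeyStore p12 = KeyStore.getInstance("PKCS12");
            try (FileInputStream in = new FileInputStream(path)) {
                p12.load(in, p12Password);
            }
            for (String alias : Collections.list(p12.aliases())) {
                if (!p12.isKeyEntry(alias)) continue;   // skip trusted-cert-only entries
                Key key = p12.getKey(alias, p12Password);
                Certificate[] chain = p12.getCertificateChain(alias);
                jks.setKeyEntry(alias, key, jksPassword, chain);
            }
        }
        try (FileOutputStream out = new FileOutputStream(jksPath)) {
            jks.store(out, jksPassword);
        }
        return jks;
    }

    /** Wraps a key manager so that exactly one alias is ever offered as the client identity. */
    static X509KeyManager pinAlias(X509KeyManager delegate, String alias) {
        return new X509KeyManager() {
            public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
                // Returning null sends no certificate at all rather than a different identity.
                return delegate.getPrivateKey(alias) != null ? alias : null;
            }
            public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
                return delegate.chooseServerAlias(keyType, issuers, socket);
            }
            public String[] getClientAliases(String keyType, Principal[] issuers) {
                return delegate.getClientAliases(keyType, issuers);
            }
            public String[] getServerAliases(String keyType, Principal[] issuers) {
                return delegate.getServerAliases(keyType, issuers);
            }
            public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
            public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }
        };
    }

    /** Builds an SSLContext whose client identity comes from the merged store (pinned if alias != null). */
    static SSLContext buildClientContext(KeyStore jks, char[] keyPassword, String pinnedAlias) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(jks, keyPassword);
        KeyManager[] kms = kmf.getKeyManagers();
        if (pinnedAlias != null) {
            for (int i = 0; i < kms.length; i++) {
                if (kms[i] instanceof X509KeyManager) {
                    kms[i] = pinAlias((X509KeyManager) kms[i], pinnedAlias);
                }
            }
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kms, null, null);             // null trust managers: keep the JRE default trust store
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder inputs; replace with your own files, passwords and alias.
        String[] p12Files = { "client-a.p12", "client-b.p12" };
        char[] p12Pw = "changeit".toCharArray();
        char[] jksPw = "changeit".toCharArray();
        KeyStore merged = mergeIntoJks(p12Files, p12Pw, "merged-clients.jks", jksPw);
        SSLContext ctx = buildClientContext(merged, jksPw, "client-a");
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSSLSocketFactory());
    }
}
```

Because the JSSE key manager decides per handshake, pinning is the only way to be certain which certificate leaves the process when several entries would satisfy the server's issuer list; passing null as the pinned alias keeps the default selection.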