Skip to main content

How to use metro with Windows SSL certificates?

1 reply [Last post]
alecswan
Offline
Joined: 2003-11-10
Points: 0

Hello,

We have a customer who creates self-signed certificates and installs them in the Windows certificate store on the end-user machines. They do not install these certificates in Java key store.

We tried reading Windows certificates in the code and installing them in the java keystore with no luck. The problem we ran into is that JDKs API can generate the same alias for different Windows certificates but then uses this duplicate alias as a unique identifier to lookup the certificate.

We are looking for some ideas on how to make Metro use those Windows certificates.

Thanks,

Alec

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
kumarjayanti
Offline
Joined: 2003-12-10
Points: 0

Sorry for the late reply.

I could not understand the problem. Maybe some more description will help.   

Metro can be made to use Windows Certificates by using configuration schemes available in metro. You just need to expose a  Java KeyStore View of the Windows Certificates.

See if the sections in the links will help :

http://weblogs.java.net/blog/kumarjayanti/archive/2009/06/security_token...

 

Dynamic KeyStore Configuration

<sc:Keystore 
   alias={the certificate alias from the  keystore to be used for Signatures} 
   aliasSelector={the fully qualified classname of a class implementing com.sun.xml.wss.AliasSelector interface}? 
   callbackHandler={fully qualified classname of a class implementing javax.security.auth.callback.CallbackHandler, should be able to handle  com.sun.xml.wss.impl.callback.KeyStoreCallback and  com.sun.xml.wss.impl.callback.PrivateKeyCallback} 
/>

 

Overrding the Default JSR 196 CallbackHandler on GlassFish

 

 j

ava also allows you to provide a custom implementation of the keystore, by implementing the java.security.KeystoreSpi class  :  

http://download.oracle.com/javase/1,5.0/docs/api/java/security/KeyStoreSpi.html