Skip to main content

How to use metro with Windows SSL certificates?

Please note these forums are being decommissioned and use the new and improved forums at
1 reply [Last post]
Joined: 2003-11-10


We have a customer who creates self-signed certificates and installs them in the Windows certificate store on the end-user machines. They do not install these certificates in Java key store.

We tried reading Windows certificates in the code and installing them in the java keystore with no luck. The problem we ran into is that JDKs API can generate the same alias for different Windows certificates but then uses this duplicate alias as a unique identifier to lookup the certificate.

We are looking for some ideas on how to make Metro use those Windows certificates.



Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Joined: 2003-12-10

Sorry for the late reply.

I could not understand the problem. Maybe some more description will help.   

Metro can be made to use Windows Certificates by using configuration schemes available in metro. You just need to expose a  Java KeyStore View of the Windows Certificates.

See if the sections in the links will help :


Dynamic KeyStore Configuration

   alias={the certificate alias from the  keystore to be used for Signatures} 
   aliasSelector={the fully qualified classname of a class implementing com.sun.xml.wss.AliasSelector interface}? 
   callbackHandler={fully qualified classname of a class implementing, should be able to handle  com.sun.xml.wss.impl.callback.KeyStoreCallback and  com.sun.xml.wss.impl.callback.PrivateKeyCallback} 


Overrding the Default JSR 196 CallbackHandler on GlassFish



ava also allows you to provide a custom implementation of the keystore, by implementing the class  :,5.0/docs/api/java/security/KeyStoreSpi.html