Posted by wgkorb
on May 22, 2010 at 2:44 PM PDT
I have a webapp that is calling a web service supplied by a vendor. The vendor requires the use of client certificates for authentication, and I have successfully called their service using the PKCS#12 keystore they gave us with JAX-WS 2.2 using code like this:
System.setProperty("javax.net.ssl.keyStore", "myKeyStore.p12");
System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
The problem is, my webapp will be supporting multiple business units, and the vendor differentiates between our business units by issuing separate certificates for each. So I'm in a quandary: I have four PKCS#12 files, one per business unit, and my webapp will need to decide which one to use at runtime. Moreover, this webapp could be heavily used by many simultaneous users, and thus more than one of the certs may need to be used at the same time.
So it seems to me that I will need to include all four of my certs in the same keystore, but as they are supplied by the vendor, each cert/key pair comes in a separate .p12 file. Is it possible to combine all four p12 files into a single keystore using keytool?
Once I resolve that, how do I tell JAX-WS which certificate to present each time it contacts the vendor's web service?
Any insights would be very much appreciated.
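The `javax.net.ssl.keyStore` properties in the question are JVM-wide, so they cannot select a certificate per call. The sketch below is an added example, not part of the original post: it builds one `SSLSocketFactory` per PKCS#12 file and attaches it to a single port through the request context. It assumes the JAX-WS reference implementation (whose HTTPS transport reads the property named in the code); the class name `ClientCertSelector` and the business-unit keys are hypothetical.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.xml.ws.BindingProvider;

/** Added example (hypothetical class): one SSLSocketFactory per business unit, chosen per port. */
public final class ClientCertSelector {
    // Assumption: JAX-WS RI transport (JAXWSProperties.SSL_SOCKET_FACTORY). The JDK-bundled
    // runtime reads "com.sun.xml.internal.ws.transport.https.client.SSLSocketFactory" instead.
    private static final String SSL_SOCKET_FACTORY =
            "com.sun.xml.ws.transport.https.client.SSLSocketFactory";

    private final Map<String, SSLSocketFactory> factories = new ConcurrentHashMap<>();

    /** Loads one PKCS#12 file and caches a factory that can only present that identity. */
    public void register(String businessUnit, String p12Path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(p12Path))) {
            ks.load(in, password);
        }
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // null trust managers and SecureRandom: use the JVM's default trust store and RNG
        ctx.init(kmf.getKeyManagers(), null, null);
        factories.put(businessUnit, ctx.getSocketFactory());
    }

    /** Binds the unit's factory to this port instance only; other ports are unaffected. */
    public void apply(Object port, String businessUnit) {
        SSLSocketFactory factory = factories.get(businessUnit);
        if (factory == null) {
            // Fail closed rather than fall back to another unit's certificate
            throw new IllegalArgumentException("no client certificate for " + businessUnit);
        }
        ((BindingProvider) port).getRequestContext().put(SSL_SOCKET_FACTORY, factory);
    }
}
```

Because the request context belongs to the port object, keep a separate port instance per business unit rather than switching the factory on a port shared between threads. Keeping each key in its own keystore also means a socket factory for one unit can never present another unit's certificate.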