How can I have multiple SSL certificates for a Java server
<p>I have an in-house HTTP server written in Java; full source code at my disposal. The HTTP server can configure any number of web sites, each of which will have a separate listen socket created with:</p> <pre><code>skt=SSLServerSocketFactory.getDefault().createServerSocket(prt,bcklog,adr); </code></pre> <p>Using a standard key store created with the Java keytool, I cannot for the life of me work out how to get different certificates associated with different listen sockets so that each configured web site has its own certificate.</p> <p>I'm in a time pinch for this now, so some code samples that illustrate would be most appreciated. But as much I would appreciate any good overview on how JSSE hangs together in this regard (I have searched Sun's JSSE doco until my brain hurts (literally; though it might be as much caffeine withdrawal)).</p> <p><strong>Edit</strong></p> <p>Is there no simple way to use the alias to associate the server certificates in a key store with the listen sockets? So that:</p> <ul> <li>The customer has one key store to manage for all certificates, and</li> <li>There is no need to fiddle around with multiple key stores, etc.</li> </ul> <p>I was getting the impression (earlier this afternoon) that I could write a simple KeyManager, with only <code>chooseServerAlias(...)</code> returning non-null, that being the name of the alias I wanted - anyone have any thoughts on that line of reasoning?</p> <p><strong>Solution</strong></p> <p>The solution I used, built from <a href="https://stackoverflow.com/users/3474/sylvarking">sylvarking</a>'s answer, was to create a temporary key store and populate it with the desired key/cert extracted from the singular external key store.
Code follows for any who are interested (svrctfals is my "server certificate alias" value):</p> <pre><code>SSLServerSocketFactory ssf;                                 // server socket factory
SSLServerSocket        skt;                                 // server socket

// LOAD EXTERNAL KEY STORE
KeyStore mstkst;
try {
    String kstfil=GlobalSettings.getString("javax.net.ssl.keyStore"        ,System.getProperty("javax.net.ssl.keyStore"        ,""   ));
    String ksttyp=GlobalSettings.getString("javax.net.ssl.keyStoreType"    ,System.getProperty("javax.net.ssl.keyStoreType"    ,"jks"));
    char[] kstpwd=GlobalSettings.getString("javax.net.ssl.keyStorePassword",System.getProperty("javax.net.ssl.keyStorePassword",""   )).toCharArray();

    mstkst=KeyStore.getInstance(ksttyp);
    try(InputStream kstinp=new FileInputStream(kstfil)) {   // close the file once loaded
        mstkst.load(kstinp,kstpwd);
        }
    }
catch(java.security.GeneralSecurityException thr) {
    throw new IOException("Cannot load keystore ("+thr+")");
    }

// CREATE EPHEMERAL KEYSTORE FOR THIS SOCKET USING DESIRED CERTIFICATE
try {
    SSLContext        ctx=SSLContext.getInstance("TLS");
    KeyManagerFactory kmf=KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    KeyStore          sktkst;
    char[]            blkpwd=new char[0];                   // key entries in the master store carry an empty password

    sktkst=KeyStore.getInstance("jks");
    sktkst.load(null,blkpwd);                               // empty, in-memory key store
    sktkst.setKeyEntry(svrctfals,mstkst.getKey(svrctfals,blkpwd),blkpwd,mstkst.getCertificateChain(svrctfals));
    kmf.init(sktkst,blkpwd);
    ctx.init(kmf.getKeyManagers(),null,null);               // default trust managers and SecureRandom
    ssf=ctx.getServerSocketFactory();
    }
catch(java.security.GeneralSecurityException thr) {
    throw new IOException("Cannot create secure socket ("+thr+")");
    }

// CREATE AND INITIALIZE SERVER SOCKET
skt=(SSLServerSocket)ssf.createServerSocket(prt,bcklog,adr);
...
return skt;
</code></pre>
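The approach the edit above asks about, a key manager whose <code>chooseServerAlias(...)</code> returns one fixed alias, works and avoids copying private-key material into a per-socket key store. The following is an added example, not code from the original post or its answers: it wraps the <code>X509ExtendedKeyManager</code> that <code>KeyManagerFactory</code> builds from the single shared key store and pins the alias, then builds one <code>SSLContext</code> per site. The class names <code>FixedAliasKeyManager</code> and <code>PerSiteSslSockets</code>, and the paths, password and aliases in the usage comment, are placeholders.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.X509ExtendedKeyManager;

/** Pins the alias presented by a key manager built from the shared key store (example class). */
final class FixedAliasKeyManager extends X509ExtendedKeyManager {
    private final X509ExtendedKeyManager delegate;
    private final String alias;
    private final String keyAlgorithm;

    FixedAliasKeyManager(X509ExtendedKeyManager delegate, String alias) {
        PrivateKey key = delegate.getPrivateKey(alias);
        X509Certificate[] chain = delegate.getCertificateChain(alias);
        if (key == null || chain == null || chain.length == 0) {
            throw new IllegalArgumentException("alias has no usable key entry: " + alias);
        }
        this.delegate = delegate;
        this.alias = alias;
        this.keyAlgorithm = key.getAlgorithm(); // e.g. "RSA" or "EC"
    }

    // JSSE asks once per key type its cipher suites need ("RSA", "EC", ...).
    // Answer only for the type the pinned key really has; otherwise return null.
    private String aliasFor(String keyType) {
        return keyAlgorithm.equals(keyType) ? alias : null;
    }

    @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
        return aliasFor(keyType);
    }
    @Override public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) {
        return aliasFor(keyType);
    }
    @Override public String[] getServerAliases(String keyType, Principal[] issuers) {
        return keyAlgorithm.equals(keyType) ? new String[] { alias } : null;
    }
    @Override public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
    @Override public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }

    // Server side only: never offer a client certificate out of this store.
    @Override public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) { return null; }
    @Override public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine) { return null; }
    @Override public String[] getClientAliases(String keyType, Principal[] issuers) { return null; }
}

/** One SSLContext per site alias, all backed by one key store (example helper). */
public final class PerSiteSslSockets {
    public static KeyStore loadKeyStore(String path, String type, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    public static SSLContext contextForAlias(KeyStore ks, char[] keyPassword, String alias)
            throws GeneralSecurityException {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPassword); // one password for all key entries, as the default factory requires
        X509ExtendedKeyManager base = null;
        for (KeyManager km : kmf.getKeyManagers()) {
            if (km instanceof X509ExtendedKeyManager) { base = (X509ExtendedKeyManager) km; break; }
        }
        if (base == null) {
            throw new GeneralSecurityException("no X509ExtendedKeyManager from " + kmf.getAlgorithm());
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        // null trust managers / SecureRandom: JSSE defaults, fine for a server that requests no client certs
        ctx.init(new KeyManager[] { new FixedAliasKeyManager(base, alias) }, null, null);
        return ctx;
    }

    public static SSLServerSocket listen(SSLContext ctx, int port, int backlog, InetAddress addr) throws IOException {
        return (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(port, backlog, addr);
    }

    // Usage (placeholders): one shared store, one context and socket per site.
    //   char[] pw = "changeit".toCharArray();
    //   KeyStore ks = loadKeyStore("/etc/myserver/sites.jks", "JKS", pw);
    //   SSLServerSocket a = listen(contextForAlias(ks, pw, "www.example.com"),  443, 50, addrA);
    //   SSLServerSocket b = listen(contextForAlias(ks, pw, "shop.example.net"), 443, 50, addrB);
}
```

Because each site already gets its own listen socket, no SNI handling is needed: the socket determines the certificate. Returning <code>null</code> for key types the pinned key does not have matters because JSSE probes <code>chooseServerAlias</code> once per key type and a mismatched answer fails the handshake rather than being skipped. If sites ever have to share one socket, the same delegating manager can instead select the alias from <code>ExtendedSSLSession.getRequestedServerNames()</code> on the handshake session (Java 8 and later).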