I have a Java CXF client that connects to a secure SSL mutual service with mutual authentication. I have a keystore and my trust store is correctly configured on the client side and it works fine.
My concern is that my keystore contains only one client certificate, and in the CXF configuration you cannot say “ok for this SSL connection you will use this certificate”.
Since I have only one certificate, it’s easy for you to choose a good, reliable CXF SSL handshake. But this client will be deployed in an environment where it will be used with several potential clients that have their own certificate, and each of them will be signed by the same certification authority. When a server requests a client certificate signed by a specific authority, there will be no way to distinguish one certificate from another.
How can I tell CXF (or Java) to use the appropriate certificate in this context?
Do I need to create as many SSL contexts as client certificates? (i.e., having N key stores, each of which contains only one certificate). Or is there a way (in CXF conf or Java) to say "use this certificate in this context"?
Thanks in advance for your help.