users@glassfish.java.net

Re: Client certificate selection for outbound SSL connections

From: V B Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Wed, 24 Oct 2007 14:29:36 +0530

Hi,

glassfish_at_javadesktop.org wrote:

>My web application performs some (Spring) service calls from appserver to appserver (both are Glassfish v2). These calls are secured by client certificate authentication. I am using a private CA certificate to sign all server certificates. I have configured the necessary security settings such that everything appears to be working.
>
>In each server's keystore I have the original s1as certificate, as generated by the installation. In addition I also have each respective server's signed certificate which is set, by alias, as the certificate to use for authentication.
>
>Now assume server A is acting as the client, making https calls to server B. I have noticed (by examining the SslSession in a filter) that sometimes connections are initiated using the s1as certificate of server A and sometimes they are initiated using the other, 'correct' certificate. Only when I delete the s1as certificate, out of the keystore, is the 'correct' certificate used consistently.
>
>My question is whether this is expected behaviour? Is there a declarative way I can configure the server to always use a specific alias for client https connections or do I have to hack it by providing a custom KeyManager to always present the specific alias I want?
>
>
You can set the outbound key alias in domain.xml using a jvm-option:

<jvm-options>-Dcom.sun.enterprise.security.httpsOutboundKeyAlias="correct"</jvm-options>


Can you clarify whether the random behaviour is being observed for the
same Server A each time you run it.

thanks.
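The question also asks about the other route, a custom KeyManager that always presents one alias. The class below is an added example, not code from this thread or from GlassFish: it wraps the JDK's default X509KeyManager so that client-side alias selection always returns a pinned alias, while server-side selection is passed through unchanged. The class name, the keystore and truststore paths, the passwords and the alias "correct" are placeholders chosen here; the JDK types and methods (X509ExtendedKeyManager, KeyManagerFactory, SSLContext) are real.

```java
import java.io.FileInputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;

/**
 * Added example (not GlassFish code). Wraps the JDK's X509KeyManager and, for
 * outbound (client-side) handshakes only, always offers one pinned alias instead
 * of letting the delegate pick whichever alias happens to match the server's CA
 * list. Server-side alias selection is delegated unchanged.
 */
public final class PinnedClientAliasKeyManager extends X509ExtendedKeyManager {
    private final X509KeyManager delegate;
    private final String clientAlias;

    public PinnedClientAliasKeyManager(X509KeyManager delegate, String clientAlias) {
        // Fail fast at construction rather than with an opaque handshake error later.
        if (delegate.getPrivateKey(clientAlias) == null
                || delegate.getCertificateChain(clientAlias) == null) {
            throw new IllegalArgumentException(
                "no private key entry for alias '" + clientAlias + "' in the keystore");
        }
        this.delegate = delegate;
        this.clientAlias = clientAlias;
    }

    // Client side: ignore keyType and the server's issuer list, return the pinned alias.
    @Override public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
        return clientAlias;
    }
    @Override public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine) {
        return clientAlias;
    }
    @Override public String[] getClientAliases(String keyType, Principal[] issuers) {
        return new String[] { clientAlias };
    }

    // Server side: unchanged behaviour.
    @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
        return delegate.chooseServerAlias(keyType, issuers, socket);
    }
    @Override public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) {
        if (delegate instanceof X509ExtendedKeyManager) {
            return ((X509ExtendedKeyManager) delegate).chooseEngineServerAlias(keyType, issuers, engine);
        }
        return delegate.chooseServerAlias(keyType, issuers, null);
    }
    @Override public String[] getServerAliases(String keyType, Principal[] issuers) {
        return delegate.getServerAliases(keyType, issuers);
    }
    @Override public X509Certificate[] getCertificateChain(String alias) {
        return delegate.getCertificateChain(alias);
    }
    @Override public PrivateKey getPrivateKey(String alias) {
        return delegate.getPrivateKey(alias);
    }

    /** Builds an SSLContext whose client identity is pinned to clientAlias. */
    public static SSLContext build(String keystorePath, char[] storePass, char[] keyPass,
                                   String truststorePath, char[] trustPass,
                                   String clientAlias) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(keystorePath)) { ks.load(in, storePass); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPass);

        KeyStore ts = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(truststorePath)) { ts.load(in, trustPass); }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);

        // Replace every X509KeyManager the factory produced with the pinning wrapper.
        KeyManager[] kms = kmf.getKeyManagers();
        for (int i = 0; i < kms.length; i++) {
            if (kms[i] instanceof X509KeyManager) {
                kms[i] = new PinnedClientAliasKeyManager((X509KeyManager) kms[i], clientAlias);
            }
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kms, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Example wiring; paths, passwords and the alias are placeholders for this example.
    public static void main(String[] args) throws Exception {
        SSLContext ctx = build("config/keystore.jks", "changeit".toCharArray(), "changeit".toCharArray(),
                               "config/cacerts.jks", "changeit".toCharArray(), "correct");
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
    }
}
```

Two points worth knowing before using this. The wrapper returns the pinned alias regardless of the issuer list the server sent in its CertificateRequest, so if the peer does not accept that certificate the handshake fails outright instead of silently falling back to another entry such as s1as, which is the behaviour you want when the goal is a single, auditable client identity. And the check you were already doing in a filter still applies: confirm on the server side that SSLSession.getPeerCertificates() shows the expected subject on every connection, not just on a sample. The code uses try-with-resources, so it needs Java 7 or later; on the JDK 5/6 that GlassFish v2 shipped with, replace those with an explicit close() in a finally block.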