Hi Alexey,
Maybe it is a general question, cause, we have to convert cer certificates
to jks keystore file(s) first before using it for the normal SSL accessing.
But, in SNI, it is inefficient/impossible when there are number of the
certificates in that file(s).
so, we need switch to the different certificate directly in the SNI. There
is no class to support it, we only have the setKeyStoreXXX in
SSLContextConfigurator for the keystore.
Currently, I am trying to use KeyStoreSpi, but I don’t know how to
integrate it with our SNI. Here is the keyStoreSPI URL for your reference
as below:
http://docstore.mik.ua/orelly/java-ent/security/ch11_03.htm
Meanwhile, I am also trying to overwrite the @Override [public NextAction
handleEvent(FilterChainContext ctx, FilterChainEvent event)] of the
SNIFilter, for switching to the matched certificate directly instead of the
SNIServerConfigResolver, SSLEngineConfigurator or even more. Is that
right/correct? What do you think of this? Do you have any good idea?
Thanks!
Lee
>>>>>>>>>>>>
Hi Lee,
do I understand correctly, that now it's general Java question, rather
than Grizzly, or you know how to implement what you need in Java and
just don't know how to do the same in Grizzly?
I don't have much experience in security area, but I remember I had to
convert cer certificates to jks (using Java keytool) in order to use them.
Thanks.
WBR,
Alexey.