1

I've a tomcat instance with many webapps. Some of them require their own independent keystore to call an external Web Service over SSL. So far the only way I've found to use the provided keystore is using:

System.setProperty("javax.net.ssl.trustStore", "mykeystore.jks");
System.setProperty("javax.net.ssl.trustStorePassword","mypwd");

But the problem with this way is that the scope of the system properties is per java process, (tomcat shares the same JVM for all the webapps) and this would affect all the other webapps. Right?

How can I use a specific keystore per every webapp in my tomcat instance and keep it limited to the specific Web Service call?

It might matter that I'm using Axis(1) WS clients.

davidmontoyago
  • 1,834
  • 14
  • 18
  • [This](http://stackoverflow.com/questions/1788031/how-can-i-have-multiple-ssl-certificates-for-a-java-server) may help. – MarkOfHall May 14 '13 at 20:50
  • The solution for Axis(1) is https://code.google.com/p/axis-ssl/ – davidmontoyago May 14 '13 at 22:18
  • 1
    Why can't you use a single combined truststore? A truststore is just a set of certificate *signers* that you trust. Why is that different for different services? – user207421 May 16 '13 at 22:20
  • Because we have a components based architecture and want to have modularity. Also we don't want to configure certificates in each environment or server. – davidmontoyago May 17 '13 at 17:02

1 Answers1

1

I'm not very familiar with Axis, but there should be a way to configure a keystore or truststore in Axis, for the HTTP client it is using for your web service calls.

Configuring the keystore on Tomcat level is not the way to go, as you found out already.

Tom
  • 1,414
  • 12
  • 21
  • Tom, you response gave me some insight of what I should be looking for and I found: https://code.google.com/p/axis-ssl/ Thanks. – davidmontoyago May 14 '13 at 22:17