I have a Spring Boot (v1.3) web service running Tomcat 8 with endpoints that hit multiple downstream services. Each downstream service requires information in the user's certificate that was signed by that downstream service's CA.

A user will have all of the certs they need (a cert for each of the necessary CAs), but the service needs to obtain a different cert for each endpoint. Is there a way to do that (get a specific or all certs from a user's browser)?

(Maybe something along the lines of grabbing the Tomcat SSLSessionManager (org.apache.tomcat.util.net.SSLSessionManager) in the appropriate controller, invalidating the session/CA, and asking for a different one.)

eze

1 Answer


It is not clear to me what you want: to have multiple Tomcat endpoints the user can connect to, or to call multiple endpoints from your Tomcat.

If this is the first one, then you can either:

  • declare multiple Tomcat connectors, each with its own keystore
  • or add a front server (like Apache, Nginx, HAProxy, etc.) that will handle the SSL part given the requested DNS name

If it is the second one you need, you can have one keystore with all certificates. This keystore can be registered with the JVM through the javax.ssl properties. See java SSL and cert keystore for more information.

Community
  • I would like to obtain different certs from the user's browser based on the endpoint. I'm hoping not to create different connectors because I don't want a user to have to use different ports. – eze May 17 '16 at 21:28
  • Then using a front is an easy way to do that :) – Alexandre FILLATRE May 19 '16 at 07:12
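The answer's second option (one keystore holding a client certificate for each downstream CA) is shown below as an added example; it is not code from the question, the answer, or any project mentioned here. Java's default key manager already selects an alias whose issuer matches the CA list the server sends in its CertificateRequest, so one keystore often works unaided; the wrapper below is for the cases where that heuristic is not enough (two client certs chaining to the same CA, or a server that sends no CA list) and pins a keystore alias to each downstream host instead. The keystore path, password, host names and alias names are assumed placeholders; the trust store is left at the JVM default.

```java
import javax.net.ssl.*;
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Locale;
import java.util.Map;

/**
 * X509ExtendedKeyManager that chooses the client-certificate alias by the
 * host being connected to, falling back to the JVM default key manager's
 * issuer-based choice when no mapping exists or the alias is not in the keystore.
 */
public final class PerHostKeyManager extends X509ExtendedKeyManager {
    private final X509ExtendedKeyManager delegate;
    private final Map<String, String> aliasByHost; // hypothetical map: downstream host -> keystore alias

    public PerHostKeyManager(X509ExtendedKeyManager delegate, Map<String, String> aliasByHost) {
        this.delegate = delegate;
        this.aliasByHost = aliasByHost;
    }

    /** Returns the pinned alias for host if it exists in the keystore, otherwise the delegate's choice. */
    String pick(String host, String fallback) {
        if (host != null) {
            String alias = aliasByHost.get(host.toLowerCase(Locale.ROOT));
            if (alias != null && delegate.getPrivateKey(alias) != null) {
                return alias;
            }
        }
        return fallback; // default behaviour: first alias whose issuer is in the server's CA list
    }

    @Override
    public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine) {
        String host = engine == null ? null : engine.getPeerHost();
        return pick(host, delegate.chooseEngineClientAlias(keyType, issuers, engine));
    }

    @Override
    public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
        String host = null;
        if (socket instanceof SSLSocket) {
            SSLSession hs = ((SSLSocket) socket).getHandshakeSession(); // in-progress handshake
            if (hs != null) host = hs.getPeerHost();
        }
        if (host == null && socket != null && socket.getInetAddress() != null) {
            host = socket.getInetAddress().getHostName();
        }
        return pick(host, delegate.chooseClientAlias(keyType, issuers, socket));
    }

    // Server-side and lookup methods are not host-dependent; pass them straight through.
    @Override public String chooseServerAlias(String k, Principal[] i, Socket s) { return delegate.chooseServerAlias(k, i, s); }
    @Override public String chooseEngineServerAlias(String k, Principal[] i, SSLEngine e) { return delegate.chooseEngineServerAlias(k, i, e); }
    @Override public String[] getClientAliases(String k, Principal[] i) { return delegate.getClientAliases(k, i); }
    @Override public String[] getServerAliases(String k, Principal[] i) { return delegate.getServerAliases(k, i); }
    @Override public X509Certificate[] getCertificateChain(String alias) { return delegate.getCertificateChain(alias); }
    @Override public PrivateKey getPrivateKey(String alias) { return delegate.getPrivateKey(alias); }

    /**
     * Builds an SSLContext from a single PKCS12 keystore containing all client certs.
     * Trust managers are null, so the JVM's default trust store is used.
     */
    public static SSLContext build(String keystorePath, char[] password, Map<String, String> aliasByHost) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(keystorePath)) {
            ks.load(in, password);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        KeyManager base = kmf.getKeyManagers()[0];
        if (!(base instanceof X509ExtendedKeyManager)) {
            throw new IllegalStateException("default KeyManager is not an X509ExtendedKeyManager");
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] { new PerHostKeyManager((X509ExtendedKeyManager) base, aliasByHost) }, null, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder values; replace with the real keystore and host-to-alias mapping.
        Map<String, String> mapping = Map.of(
                "billing.internal.example", "client-billing-ca",
                "inventory.internal.example", "client-inventory-ca");
        SSLContext ctx = build("/path/to/clients.p12", "changeit".toCharArray(), mapping);
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
    }
}
```

With Spring Boot's RestTemplate on Apache HttpClient, the same SSLContext can be handed to an SSLConnectionSocketFactory and the resulting HttpClient to HttpComponentsClientHttpRequestFactory, so every outbound call picks up the per-host alias without touching the Tomcat connector. Keep the mapping keyed on the host names actually used in the outbound URLs, since a mismatch silently falls back to the default issuer-based selection.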