I have a web application deployed on Tomcat 8 which consumes web services from two different systems, each requiring mutual authentication. Now I need to integrate my application with two different client certificates, or we can say two different keystores with different passwords. Now I am having difficulties using the correct certificate for both the services.

I am calling one of the services using my own code, but the second service is called from a third-party library and I do not have control over its caller code. If I use any one keystore, then the respective service call is successful but the other one fails.

I have tried the following approaches but failed in all of them:

  1. I created a new keystore, added both certificates to the keystore, and set "javax.net.ssl.keyStore", "javax.net.ssl.trustStore" and the corresponding passwords in environment variables. This makes only one service call successful.
  2. I removed the above environment variables and called one service with a programmatically configured SSL context (something like Access Https Rest Service using Spring RestTemplate). This leads to one successful service and the other fails (obviously).
  3. I configured "javax.net.ssl.keyStore", "javax.net.ssl.trustStore" and the corresponding passwords containing one key only for one service, and set the SSLContext of the other service programmatically as in the previous step. This leads to failure of the service which was successful in step 2 (maybe the other keystore overrides this?) and success of the other service.
  4. I tried changing the passwords of the keys to make them the same as each other and also the same as the keystore's. This also fails one service.

Any suggestions on what I could try next, or what the problem actually is with the above approaches?

Popeye

1 Answer

Sorry, I did not check properly. Approach 3 worked.

Popeye
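Approach 3 as an added example (not code from the original post): the JVM-wide `javax.net.ssl.keyStore` and `javax.net.ssl.trustStore` settings stay in place for the third-party library, and the service called from your own code gets a dedicated `SSLContext` that is applied to that connection only. The class name, file paths, environment variable names and URL are placeholders, and the key password is assumed to equal the keystore password.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class TwoClientCerts {

    // Load a keystore file with the JVM's default keystore type.
    static KeyStore load(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, pass);
        }
        return ks;
    }

    // Build a context that can only present the client key held in this one keystore.
    static SSLContext contextFor(String keyStorePath, char[] keyPass,
                                 String trustStorePath, char[] trustPass) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStorePath, keyPass), keyPass); // assumes key password == store password

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStorePath, trustPass));

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder names: passwords come from the environment, not from source code.
        char[] keyPass = System.getenv("SERVICE_A_KEYSTORE_PASS").toCharArray();
        char[] trustPass = System.getenv("SERVICE_A_TRUSTSTORE_PASS").toCharArray();
        SSLContext ctxA = contextFor("/path/to/service-a-keystore.jks", keyPass,
                                     "/path/to/service-a-truststore.jks", trustPass);

        // Apply the context to this connection only; the JVM default stays untouched.
        HttpsURLConnection conn =
                (HttpsURLConnection) new URL("https://service-a.example/api").openConnection();
        conn.setSSLSocketFactory(ctxA.getSocketFactory());
        System.out.println("Service A responded with HTTP " + conn.getResponseCode());
    }
}
```

Do not call `SSLContext.setDefault(...)` or `HttpsURLConnection.setDefaultSSLSocketFactory(...)` with this context: both replace the JVM-wide default that the third-party library relies on, which would make its service call present the wrong certificate.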