How the proper SSL certificate is selected from java keystore in order to be sent to corresponding endpoint in case of mutual TLS

Question

I have an HTTPS endpoint that requires a client certificate(mutual TLS). I have created a keystore using KeyStore Explorer tool and inserted the client certificate and private key into it(entry has an alias, that is some random string).

Then I have attached that keystore to RestTemplate and my question is the following:

How the right entry(certificate) is picked up from keystore when the call is made to a particular endpoint ? What if I have multiple certificates inserted into keystore so that each of them should be picked up only in case when request is made to an appropriate endpoint(domain).

Does this answer your question? [How is the SSL client certificate chosen when there are multiple matching certificates?](https://stackoverflow.com/questions/23527426/how-is-the-ssl-client-certificate-chosen-when-there-are-multiple-matching-certif) — leo, Mar 13 '23 at 08:56

score 0 · Answer 1 · answered Jun 19 '20 at 16:32

If you are maintaining multiple public private key entries in one keystore file, then in each connector of respective public keys you need to pass the value in java as "keytoreAlias" . This way the application can distinguish which certificate to Cal based on alias mentioned.

How the proper SSL certificate is selected from java keystore in order to be sent to corresponding endpoint in case of mutual TLS

1 Answers1