
I would like to store keystores for 2 different domains programmatically. Below is the code to load the keystore for domain A. I would like to do the same for domain B. Both keystores would be used in the same application.

import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public static SSLContext createSSLContext() throws Exception {
    KeyStore clientStore = createKeyStore();
    // Key managers present the client certificate from the keystore
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(clientStore, "password".toCharArray());
    KeyManager[] kms = kmf.getKeyManagers();
    SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
    // null trust managers: the JDK default truststore (cacerts) is used
    sslContext.init(kms, null, new SecureRandom());

    return sslContext;
}

public static KeyStore createKeyStore() throws Exception {
    // Placeholder: replace with the raw bytes of the PKCS12 file for domain A
    byte[] pkcs12Bytes = "PKCS12 info".getBytes();
    KeyStore clientStore = KeyStore.getInstance("PKCS12");
    // Let load() failures propagate: catching and printing them here returned an
    // uninitialized KeyStore, and the real error only surfaced later in kmf.init()
    clientStore.load(new ByteArrayInputStream(pkcs12Bytes), "password".toCharArray());
    return clientStore;
}
  • Keystores aren't directly related to domains. Keystores contain _certificates_ with matching private keys. You can have different certificates and keys for different domains, in which case they can be in the same keystore or different keystores, or you can have one certificate and key for multiple domains, in which case it is in only one keystore. If you have one keystore you can load it with the code you show, and if you have multiple keystores you can load each of them by repeating or duplicating that code. What's the question? – dave_thompson_085 Oct 22 '20 at 17:39
  • When I do that I see sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target executing POST – Sarav Oct 22 '20 at 18:40
  • 1
    If that's on the server it _probably_ means the keystore you are using in the client is wrong -- but it _is_ being used. If that's on the client it has nothing to do with any keystore(s), it's about your _truststore(s)_ which are separate and different. – dave_thompson_085 Oct 27 '20 at 07:23
  • Right I was missing TrustStore keys. After adding them, it worked! – Sarav Oct 28 '20 at 00:03

1 Answer


As dave_thompson_085 mentioned, I was missing TrustStore keys. The snippet from the following post was helpful: Programmatically Import CA trust cert into existing keystore file without using keytool

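An added example, not code from the question or the answer, that puts the comment thread's conclusion into working form: a separate client keystore per domain plus an explicit truststore, combined into one SSLContext each. The class name, file names and passwords are assumptions.

```java
// Added example, not code from the question or the answer: one SSLContext per domain,
// each with its own client keystore (identity) plus an explicit truststore, the part
// that was missing in the question. File names and passwords are placeholders.
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Map;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public final class PerDomainSslContexts {

    // Loads a keystore of the given type from disk; serves both the PKCS12 client
    // stores and the truststore. Errors propagate instead of being swallowed.
    static KeyStore loadKeyStore(String type, String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Presents the client certificate from clientStore and trusts only the CAs in
    // trustStore. Passing null trust managers, as the question's code does, falls back
    // to the JDK default cacerts; the server's CA was not in there, hence the error.
    static SSLContext createSslContext(KeyStore clientStore, char[] keyPassword,
                                       KeyStore trustStore) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientStore, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "password".toCharArray();                          // placeholder
        KeyStore trust = loadKeyStore("PKCS12", "truststore.p12", pw); // CA certs only
        Map<String, SSLContext> byDomain = Map.of(                     // Java 9+
            "a.example", createSslContext(loadKeyStore("PKCS12", "client-a.p12", pw), pw, trust),
            "b.example", createSslContext(loadKeyStore("PKCS12", "client-b.p12", pw), pw, trust));
        // Pick the context by target host, e.g. byDomain.get(host).getSocketFactory().
        System.out.println("Loaded contexts for " + byDomain.keySet());
    }
}
```

Keep the truststore limited to the CA certificates the application actually needs; a client keystore and a truststore are different files with different contents, and mixing them up is what the comment thread was untangling.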