26 Replies. Latest reply: Oct 10, 2012 7:31 PM by EJP
  • 15. Re: PKCS11 & javax.net.ssl.keyStoreAlias
    843811 Newbie
    Hmm, well, no luck =(

    I tried to do it statically, so I commented out the provider references in the "readKeyStoreFromSmartCard" class.
    And have the following in the java.security file on my local machine (I decided to put the pkcs11.cfg file in same directory as java.security) :
    security.provider.10=sun.security.pkcs11.SunPKCS11 pkcs11.cfg
    The cfg file has this:
    name=ActiveClientProvider
    library=C:\WINDOWS\system32\acpkcs211.dll
    So the "readKeyStoreFromSmartCard" reads like this now:
    public static void readIt() throws
            Exception {
                  String alias = null;
                  KeyStore lks = KeyStore.getInstance("SunPKCS11"); //WHAT TO PUT HERE?
                  lks.load(null,null);
                  //Provider p = lks.getProvider();
                  
                  //String configName = "C:/Program Files/Java/jre1.6.0_05/lib/security/pkcs11.cfg";
                   //Provider p = new sun.security.pkcs11.SunPKCS11(configName);
                   //Security.addProvider(p);
                  System.out.println("--------------------------------------------------------");
                  //System.out.println("Provider   : " + p.getName());
                  //System.out.println("Prov.Vers. : " + p.getVersion());
                  System.out.println("KS Type    : " + lks.getType());
                  System.out.println("KS DefType : " + lks.getDefaultType());
              
                  Enumeration <String> al = lks.aliases();
                  while (al.hasMoreElements()) {
                      alias = al.nextElement();
    ...
    Notice my comment "what to put here?". I only ask because that is where the "PKCS11 Not found error occurs".
    It throws a KeyStoreException, which from the API states will happen when:
    "the requested keystore type is not available in the default provider package or any of the other provider packages that were searched."

    So I tried to put the following:
    KeyStore lks = KeyStore.getInstance("PKCS11"); 
    KeyStore lks = KeyStore.getInstance("SunPKCS11"); 
    KeyStore lks = KeyStore.getInstance("ActiveClientProvider"); 
    KeyStore lks = KeyStore.getInstance("SunPKCS11-ActiveClientProvider");
    All give the same KeyStoreException on that line saying either "PKCS11 not found" or "SunPKCS11 not found", etc.

    Good note though, I did get the System Properties to run with no worries.
    Java Home was this:
    'java.home' = 'C:\Program Files\Java\jre1.6.0_03'

    and for Java Library:
    'java.library.path' = 'C:\Program Files\Java\jre1.6.0_03\bin;.;C:\WINDOWS\Sun\Java\bin;C:\WINDOWS\system32;...(much more).


    Very strange though about the KeyStoreException being thrown. For whatever reason, it cannot find the provider.

    Any other ideas, I'm a bit lost as where to go from here.

    thanks again,

    SK

    Edited by: scryptkiddy on Apr 14, 2008 12:04 PM
  • 16. Re: PKCS11 & javax.net.ssl.keyStoreAlias
    843811 Newbie
    Boy oh boy,

    what the heck is this. But we're going together through this.

    1. This and only this is the keystore type!
    System.setProperty("javax.net.ssl.keyStoreType", "PKCS11");
    But you don't need to set it as system property if you're running the readIt() method.

    2. This and only this is your provider name !
    System.setProperty("javax.net.ssl.keyStoreProvider", "SunPKCS11-ActiveClientProvider");
    But you don't need to set it as system property if you're running the readIt() method.

    If it finally would run one day, you could let the provider name display with
    Provider p = lks.getProvider();
    System.out.println("Provider   : " + p.getName());
    System.out.println("Prov.Vers. : " + p.getVersion());
    But this is only step 2.

    We're getting lost in configuration twisting.
    There are really only a few lines needed to get this thing fly.
    And we've all the parts: java.security, pkcs11.cfg, and one line of code!
    import java.security.KeyStore;
    import java.security.*;
    
    public class TestPKCS11 {
        public static void main(String[] args) {
            try {
                KeyStore lks = KeyStore.getInstance("PKCS11");
                System.out.println("KS Type    : " + lks.getType());
            } catch (KeyStoreException ex) {
                // Report the failure instead of discarding the message
                System.out.println(ex.toString());
            }
        }
    }
    Questions

    1.) Which OS are you using (XP, Vista?)
    2.) In a previous posting you talked about this exception.
    java.security.ProviderException: slotListIndex is 0 *but token only has 0 slots*
    I would assume that you got the right configuration at least once, otherwise you wouldn't have got this error, or?

    (desperately) NX-01
  • 17. Re: PKCS11 & javax.net.ssl.keyStoreAlias
    843811 Newbie
    Appreciate the patient help here NX!

    Seems like I'm really close, but something is VERY fundamentally wrong somewhere.
    Just wish I had more experience with reading certificates from smart cards =)

    And I'm definitely stretching here with my guessing on the keystore Type and Provider Name,
    thanks for making it clear, sometimes I need that =) Because I agree, I am getting lost in the configuration setup for this.

    As far as OS, my local machine here is XP Pro, the server I'm running is Windows Server 2003.


    Now on the progress report, haha.
    I'll split the rest of this post into 2 parts. First part deals with running readKeyStoreFromSmartCard and its results / issues.
    The second part will be about what configuration I used to get that error about the slotIndex. I kept that class file separate
    so I could reference it later.



    Part 1

    The readKeyStoreFromSmartCard now has the correct keystore type and provider name =)
    Below is the current entire source I'm running / testing and its result, (but with some good news as well after).
    It is loading the provider dynamically, so I have the java.security line commented out where this provider / cfg file
    entry would go.

    Source:
    import java.security.KeyStore;
    import java.security.Provider;
    import java.security.Security;
    import java.util.*;
    import java.security.cert.X509Certificate;
    
    public class readKeyStoreFromSmartCard {
    
         /**
          * @param args
          */
         public static void main(String[] args) {
              // TODO Auto-generated method stub
              
              try {
                   readIt();
              }
              catch (Exception e) {
                   e.printStackTrace();
              }
    
         }     
              public static void readIt() throws
            Exception {
                  String alias = null;
                  KeyStore lks = KeyStore.getInstance("PKCS11");
                  lks.load(null,null);
                  //Provider p = lks.getProvider();
                  
                  String configName = "C:/Program Files/Java/jre1.6.0_05/lib/security/pkcs11.cfg";
                              Provider p = new sun.security.pkcs11.SunPKCS11(configName);
                   Security.addProvider(p);
                  System.out.println("--------------------------------------------------------");
                  System.out.println("Provider   : " + p.getName());
                  System.out.println("Prov.Vers. : " + p.getVersion());
                  System.out.println("KS Type    : " + lks.getType());
                  System.out.println("KS DefType : " + lks.getDefaultType());
              
                  Enumeration <String> al = lks.aliases();
                  while (al.hasMoreElements()) {
                      alias = al.nextElement();
                      System.out.println("alias:" + alias);
                      System.out.println("--------------------------------------------------------");
                      if (lks.containsAlias(alias)) {
                          System.out.println("Alias exists : '" + alias + "'");
                          X509Certificate cert = (X509Certificate) lks.getCertificate(alias);
                          System.out.println("Certificate  : '" + cert.toString() + "'");
                          System.out.println("Version      : '" + cert.getVersion() + "'");
                          System.out.println("SerialNumber : '" + cert.getSerialNumber() + "'");
                          System.out.println("SigAlgName   : '" + cert.getSigAlgName() + "'");
                          System.out.println("NotBefore    : '" + cert.getNotBefore().toString() + "'");
                          System.out.println("NotAfter     : '" + cert.getNotAfter().toString() + "'");
                          System.out.println("TBS          : '" + cert.getTBSCertificate().toString() + "'");
                      } else {
                          System.out.println("Alias doesn't exists : '" + alias + "'");
                      }
                  }
              }
    
    
    }
    Here is the cfg file:
    name=ActiveClientProvider
    library=C:\WINDOWS\system32\acpkcs211.dll
    Now the result is the same... "java.security.KeyStoreException: PKCS11 not found" but I have some good news....
    well, we'll just call it news for now =)

    If I change this line
    KeyStore lks = KeyStore.getInstance("PKCS11");
    to this:
    KeyStore lks = KeyStore.getInstance("JKS");
    It outputs this:
    Provider : SunPKCS11-ActiveClientProvider
    Prov.Vers. : 1.6
    KS Type : JKS
    KS DefType : jks

    It never enters the Enumeration loop, but at least no errors. This is all being run on my local workstation.
    So it can find the JKS Provider but not PKCS11? AARRGG! =)


    Part 2
    Going back to when I had the slotIndex error. This is the Class code and the servlet that called it:
    Class:
    import java.util.Hashtable;
    import java.io.*;
    import javax.naming.*;
    import javax.naming.ldap.*;
    import javax.naming.directory.*;
    
    import java.security.cert.*;
    import java.security.*;
    import java.security.KeyStore.Builder.*;
    import java.security.KeyStore.*;
    import java.security.cert.Certificate;
    import sun.security.pkcs11.*;
    import java.security.Provider;
    
     /* TEST FILE -- NOT NEEDED */
    
    public class searchexternals 
    {
         public String returnStuff (X509Certificate certs, String adminName)
         {
              String ldapURL = "ldaps://my.company.com:636";
              String upn = "4321650987@mil"; 
              String returnValue = "";
              Hashtable env = new Hashtable();
              
              
              try {
                   System.out.println("1a");
                   //Dynamic Provider
                   String configName = "C:/Program Files/Java/jre1.6.0_03/lib/security/pkcs11.cfg";
                   Provider p = new sun.security.pkcs11.SunPKCS11(configName);
                   Security.addProvider(p);
                   
                   //LDAP
                   env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
                   env.put(Context.PROVIDER_URL,ldapURL);
                   env.put(Context.SECURITY_PROTOCOL, "ssl");
                   env.put("java.naming.ldap.version", "3");
                   env.put("java.naming.ldap.factory.socket", "javax.net.ssl.SSLSocketFactory");
                   env.put(Context.SECURITY_AUTHENTICATION, "EXTERNAL");
                   
                   //SMARTCARD / Provider
                   System.setProperty("javax.net.ssl.keyStoreURL", "NONE");
                   System.setProperty("javax.net.ssl.keyStoreType", "PKCS11");
                   System.setProperty("javax.net.ssl.keyStoreProvider", "SunPKCS11-ActiveClientProvider");
                   
                   //TRUST STORE / ROOT CERTIFICATES
                   String trustStore = "C:/Program Files/Apache Software Foundation/Tomcat 5.5/webapps/ako/security/cacerts";
                   System.setProperty("javax.net.ssl.trustStore",trustStore);
    
    
    
                   //Create the initial directory context
                   InitialLdapContext ctx = new InitialLdapContext(env, null);
                   
                   ....more code
    the servlet that calls it:
    <%@ page import="java.security.cert.*" %>
    <%@ page import="javax.net.ssl.*" %>
    <%@ page import="java.security.*" %>
    <%@ page import="java.util.Hashtable" %>
    <%@ page import="java.io.*" %>
    <%@ page import="javax.naming.*" %>
    <%@ page import="javax.naming.ldap.*" %>
    <%@ page import="javax.naming.directory.*" %>
    <%@ page import="tnosc.*" %>
    <%@ page import="java.security.cert.Certificate" %>
    
    
    <% 
                    //User certificate 
         X509Certificate[] certChain = (X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
         X509Certificate cert = certChain[0];
         
         searchexternals se = new searchexternals();
         
         String stuff = "";
         stuff = se.returnStuff(cert, "myName");
                                 
         
    %>
    <table >
         <tr><td>Stuff<%= stuff %></td></tr>
    </table>
      </body>
    </html>
    I was basically trying to get a certificate from the users browser (via request.getAttribute) then somehow
    pass it into the class which would bind with that certificate and run a query as that person.

    This is running on the Win 2003 Server. I'm loading the provider dynamically, so the java.security file is untouched
    and the pkcs11.cfg file reads like this:
    name=ActiveClientProvider
    library=C:\WINDOWS\system32\acpkcs211.dll
    Sooooo..... looks like I can get JKS to run, but not PKCS11. And as far as the code above... it works (I guess), but gives
    me a slotIndex error....Grrrrrr

    Thanks again for all the help NX, you are da bomb =)

    SK
  • 18. Re: PKCS11 & javax.net.ssl.keyStoreAlias
    843811 Newbie
    NX, IT WORKS!!!

    I was looking for other examples of how to simply "List out the certificates from SmartCard". One hit that came up was
    this one (http://forum.java.sun.com/thread.jspa?forumID=9&threadID=5285121).

    Then looking at my code, it looked pretty much the same, except...

    The call to getInstance method for the Keystore was AFTER the Provider had been instantiated.

    So I went from this:
    ....
         public static void readIt() throws
            Exception {
                  String alias = null;
                  KeyStore lks = KeyStore.getInstance("PKCS11");
                  lks.load(null,null);
                  
                  String configName = "C:/Program Files/Java/jre1.6.0_03/lib/security/pkcs11.cfg";
                   Provider p = new sun.security.pkcs11.SunPKCS11(configName);
                   Security.addProvider(p);
                   
    ....
    getting "PKCS11 not found"

    to this:
    ....
         public static void readIt() throws
            Exception {
                  String alias = null;
                  
                  String configName = "C:/Program Files/Java/jre1.6.0_03/lib/security/pkcs11.cfg";
                   Provider p = new sun.security.pkcs11.SunPKCS11(configName);
                   Security.addProvider(p);
                   
                  KeyStore lks = KeyStore.getInstance("PKCS11");
                  lks.load(null,null);     
    ....
    and it spits out everything about the certs (I have 3 on my smartcard) and all the information inside that enumeration loop.
    So it WAS something fundamentally wrong, I basically was instantiating a KeyStore Object BEFORE loading the provider.
    This probably would not have happened had I loaded the provider statically in the java.security file.... not sure though.

    THANKS again for the assistance NX!


    Last part now, if you have any patience left =) . Since this was kinda step 1 for me, "read the certificates from smartcard".
    The second step for me is "read the certificates of a smartcard from the users browser" (using clientauth=true). Because I need this on my server now (.jsp)
    The third and final step "use the certificate (from step 2) to run a query / modify command" (using JNDI).

    Refer to my last post.

    So now I can do step 1 (thanks again!)
    Step 2 is confusing because the test we ran lets me read the card that is LOCALLY attached. I need to reference a certificate from the browser
    to the users workstation.
    Step 3 is also a bit confusing, assuming I can read the certificate from the client's browser, how do I use it to do a bind for create / modify command in JNDI?

    thanks a million again for getting me this far!
    hopefully step 2 and 3 are not impossible =(

    SK
  • 19. Re: PKCS11 & javax.net.ssl.keyStoreAlias
    EJP Guru
    > This probably would not have happened had I loaded the provider statically in the java.security file

    It definitely would not have happened.
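
The ordering problem found in reply 18 and confirmed in reply 19, as an added example that is not code from the thread. It uses a constructed in-memory provider (`DemoToken`, keystore type `DEMO-TOKEN`, both hypothetical) in place of SunPKCS11 so it runs without a smart card, and assumes Java 9 or later for the `Provider(String, String, String)` constructor.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;

public class ProviderOrderDemo {

    /** Constructed stand-in for a token keystore: read-only, always empty, no hardware. */
    public static class EmptyTokenSpi extends KeyStoreSpi {
        @Override public Key engineGetKey(String a, char[] pw) { return null; }
        @Override public Certificate[] engineGetCertificateChain(String a) { return null; }
        @Override public Certificate engineGetCertificate(String a) { return null; }
        @Override public Date engineGetCreationDate(String a) { return null; }
        @Override public void engineSetKeyEntry(String a, Key k, char[] pw, Certificate[] c)
                throws KeyStoreException { throw new KeyStoreException("read-only"); }
        @Override public void engineSetKeyEntry(String a, byte[] k, Certificate[] c)
                throws KeyStoreException { throw new KeyStoreException("read-only"); }
        @Override public void engineSetCertificateEntry(String a, Certificate c)
                throws KeyStoreException { throw new KeyStoreException("read-only"); }
        @Override public void engineDeleteEntry(String a)
                throws KeyStoreException { throw new KeyStoreException("read-only"); }
        @Override public Enumeration<String> engineAliases() { return Collections.emptyEnumeration(); }
        @Override public boolean engineContainsAlias(String a) { return false; }
        @Override public int engineSize() { return 0; }
        @Override public boolean engineIsKeyEntry(String a) { return false; }
        @Override public boolean engineIsCertificateEntry(String a) { return false; }
        @Override public String engineGetCertificateAlias(Certificate c) { return null; }
        @Override public void engineStore(OutputStream s, char[] pw) { }
        @Override public void engineLoad(InputStream s, char[] pw) { }
    }

    /** Hypothetical provider that plays the role SunPKCS11 has in the thread. */
    public static class DemoTokenProvider extends Provider {
        private static final long serialVersionUID = 1L;
        public DemoTokenProvider() {
            super("DemoToken", "1.0", "constructed demo provider");
            // Maps the keystore type name to its implementation class.
            put("KeyStore.DEMO-TOKEN", EmptyTokenSpi.class.getName());
        }
    }

    /** Returns the name of the provider that served the type, or the exception text. */
    static String lookup(String type) {
        try {
            // Searches only the providers registered at the moment of this call.
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(null, null);
            return ks.getProvider().getName() + " (" + ks.size() + " entries)";
        } catch (Exception e) {
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        String type = "DEMO-TOKEN";
        Provider p = new DemoTokenProvider();

        // 1. Order of the failing code: lookup first, provider not yet registered.
        System.out.println("before addProvider : " + lookup(type));

        // 2. Independent of registration order: pass the provider object itself.
        KeyStore direct = KeyStore.getInstance(type, p);
        direct.load(null, null);
        System.out.println("explicit provider  : " + direct.getProvider().getName());

        // 3. Order of the working code: register, then look up by type only.
        Security.addProvider(p);
        System.out.println("after addProvider  : " + lookup(type));

        Security.removeProvider(p.getName());
    }
}
```

When a provider is created in code rather than listed in java.security, `KeyStore.getInstance(type, provider)` removes the dependency on when `Security.addProvider` was called.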
  • 20. Re: PKCS11 & javax.net.ssl.keyStoreAlias
    843811 Newbie
    Thanks for the clarification ejp, I was a bit nervous to actually test it now that I'm 1/3rd of the way through
    this hairpulling project =)

    Any insight to my other 2/3rd's of this project?

    thanks in advance,

    SK
  • 21. Re: PKCS11 & javax.net.ssl.keyStoreAlias
    EJP Guru
    > System.setProperty("javax.net.ssl.keyStoreURL", "NONE");

    You seem to have made this system property up. It doesn't exist. Check what it says at http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#ConfigSmartcard again. You may also need to check the next section http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#MultiDynamicKeystores.
  • 22. Re: PKCS11 & javax.net.ssl.keyStoreAlias
    843811 Newbie
    What shall I say.
    Welcome aboard on the starship!

    At least my assuming was right, that the provider declaration was somehow not available.
    I'm not a friend of dynamically elements, at the time of learning how to start.
    If I would have tried it dynamically, I would have maybe seen the wrong order.
    But my focus was on getting it to work as simple as possible.
    Anyway.

    So, let's go west!

    Step 2
    This is exactly what I try to figure out right now.
    I'm using the GlassFish AppServer 9.1.

    At the moment we share the same confusion about local SCR and remote server.
    Don't want to get funny, but my first attempt is to use a static approach ;-).
    Means the client's JRE (java.security) contains all the provider information.
    But this is still in progress. Probably I can return to this step next week.

    Step 3
    see above.

    In the meantime maybe you do some progress in step 2 and 3.
    I'm longing for information on that.

    But what you can try now to keep the first attempt simple.
    Use my simple JNDI code or your searchexternals class in a simple console app.
    Just to get sure that it can work.
    Or is it already working in a simple console app?

    regards NX
  • 23. Re: PKCS11 & javax.net.ssl.keyStoreAlias
    843811 Newbie
    First to ejp:

    I actually got that line entry from here: http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html#JAAS
    under the PKCS11 Guide. Not sure how far off that is from where I need to be, but the terminology, and my
    knowledge of working with smartcards is very little (but growing) =)

    The other links you sent look very good, hopefully they have a working example. The one thing that caught my
    attention on both links is that it states its for "Java Applications" and "J2SE" specifically. Only reason I ask is because
    after skimming through it, there did not seem to be any indication of a web based TrustStore / KeyStore. I'm working with
    servers and servlet containers (Tomcat) in J2EE. Does that mean that the guide is only for locally (client based)
    applications? Just curious before I delve into too deep.


    NX,

    Definitely glad to finally be on board, lets hope I'm on the right flight =)
    I've never heard of GlassFish AppServer, is that a servlet container like Tomcat, or something else?

    As far as step 2, I am lucky enough to have a baseline installed on all the workstations, meaning ALL of the clients have
    the SCR manufacturers library (dll) available. So any client hitting my web page will have a smartCard reader in their workstation
    with libraries on their local machine.


    As far as step 3, making an ldap bind with a certificate, I've never seen an example. I can do simple binds using username / password like:
     
    ...
    Hashtable env = new Hashtable();
    String ldapURL = "my.company.com:636";

    env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");

    //connect to my domain controller
    env.put(Context.PROVIDER_URL,ldapURL);

    env.put(Context.SECURITY_AUTHENTICATION,"simple");
    env.put(Context.SECURITY_PRINCIPAL,userName);
    env.put(Context.SECURITY_CREDENTIALS,userPwd);

    //specify the use of SSL
    env.put(Context.SECURITY_PROTOCOL,"ssl");

    //Access the truststore
    String truststore = "C:/security/cacerts";
    System.setProperty("javax.net.ssl.trustStore",truststore);

    try {

        //Create the initial directory context
        LdapContext ctx = new InitialLdapContext(env,null);
    
    ....
    But I'm trying to bind now with (simple / pseudo) the users cert...something like:
    ...
    Hashtable env = new Hashtable();
    String ldapURL = "my.company.com:636";

    env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");

    //connect to my domain controller
    env.put(Context.PROVIDER_URL,ldapURL);

    env.put(Context.SECURITY_AUTHENTICATION,"EXTERNAL");
    env.put(Context.SECURITY_CREDENTIALS, X509CertificateObject);

    //specify the use of SSL
    env.put(Context.SECURITY_PROTOCOL,"ssl");

    //Access the truststore
    String truststore = "C:/security/cacerts";
    System.setProperty("javax.net.ssl.trustStore",truststore);

    try {

        //Create the initial directory context
        LdapContext ctx = new InitialLdapContext(env,null);
    
    ....
    So the short answer is no, nothing working on the local console to bind to ldap server with certificate.


    I also thought of something as I was looking at my previous posts. In my searchexternals class and the test.jsp
    servlet that calls it, I am actually reading the users X509certificate from the web... I have a trustStore that is used to
    determine if the users are trusted (see searchexternals TRUST STORE section). I also have my server.xml set to
    "clientauth=true" which prompts them for a certificate and pin (they select the one on the smartcard)...

    Hmm... I think I already have step 2 then, whattya think? Which means I can use that cert to bind now.

    If only there was an example of how to bind with a certificate!! (I just searched, haha).

    (Aboard starship but with no return ticket) =)

    SK
  • 24. Re: PKCS11 & javax.net.ssl.keyStoreAlias
    843811 Newbie
    Hi SK,

    the GlassFish AppServer is THE (free) Java/J2EE Applicationserver from Sun.
    Also called 'Open Source Application Server for Java EE 5'

    https://glassfish.dev.java.net/

    It's the OpenSource SpinOff of the former SUN AppServers 7/8/9 versions or much earlier iPlanet AppServer 6.

    http://www.sun.com/software/products/appsrvr/index.jsp

    The commercial version is the 'Sun Java System Application Server 9.1 U1'

    The SJSAS9.1 contains GF which contains the Tomcat engine.

    So far about the historically background.

    The principal approach for web frontends are identical,
    because we're talking about a java based web engine,
    or to be more precise, about the same java based web engine, called Tomcat.

    For the first tests I'm using the java tutorial examples.
    http://java.sun.com/docs/books/tutorial/
    There are some 'hello world' examples for web based authen.
    And there I also say :
    <auth-method>CLIENT-CERT</auth-method>
    or at least I try it.

    We both have windows clients with SCRs, users that log in with their SC and (web)apps that need a cert based authentication
    So you see, we are somehow on the same ship
    But there are of course some differences in the background.
    W2K3/Tomcat vs. Solaris/GF.

    I split my search&destroy in 3 steps.
    1. cert based ldap authen with JNDI (a console hello world app). This Thread!
    2. web conf to make use of locally docked SCRs. Theoretically already done.

    After both is working I start the merge.
    3. cert based ldap authen with JNDI in the web environment

    A question you should consider and maybe give me glance of your environmentally approach is this.

    Out of the box Tomcat/GF can only use an internal keystore for cert verifications.
    May the community correct this assumption.

    And if you're doing all this not only for your private purposes, we're talking probably about more than 10 users.
    Maybe hundreds or even thousands.
    And I also assume that all the certs and all the user information are stored in your company LDAP.
    How do you or someone want to manage all these certs in 2 locations (LDAP/Tomcat keystore)?
    I would say impossible.
    So we're talking about an own JAAS implementation (for web).

    This leads me now to the point that we're drifting now out of the topic of this huge thread.
    Which was about Java&PKCS11 access.
    I think we should close this thread and continue in a new thread called somehow like
    +'JAAS implementation for cert based authentication in a web container'+.

    In the new thread we can try to authenticate against a local keystore or immediately work on the JAAS implementation.

    But first we should get sure that you have a working 'hello world' console app
    that does not only user/pwd authentication, but also does a cert based authen against LDAP.

    But even this could be or should be a new thread called +'cert based ldap authentication'+.

    What do you think about that?

    Best regards
    NX
  • 25. Re: PKCS11 & javax.net.ssl.keyStoreAlias
    843811 Newbie
    NX,

    Very interesting on the history, thanks for the information.
    Hmm, same river / path, different boats? W2K3/Tomcat vs Solaris/GF. =)

    I clicked on that tutorial, I did not find any links for "web based authen", did a few searches, no luck there, not sure
    where you found that
    <auth-method>CLIENT-CERT</auth-method>
    example, unless I'm overanalyzing and its just pseudo =)


    As far as the step 2 "web conf to make use of the locally docked SCRs", do you mean server.xml where the Connector is set
    to use certificates: clientAuth=true, trustore=...keystore=...etc?
    If so, I would agree that it is already done as well.

    --Yes, definitely for hundreds / thousands of people =)

    And I agree, we've exhausted this thread, and are a bit off topic, I'll start a new thread: "'cert based ldap authentication'"

    thanks,

    SK

    Edited by: scryptkiddy on Apr 17, 2008 11:37 AM
  • 26. Re: PKCS11 & javax.net.ssl.keyStoreAlias
    EJP Guru
    > First to ejp:
    >
    > I actually got that line entry from here: http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html#JAAS
    > under the PKCS11 Guide.

    You made it up. There is a keyStoreURL parameter to a PKCS11 KeystoreLoginManager JAAS config file. The system property you invented is imaginary, as is java.net.ssl.keyStoreAlias.

    Ancient thread but important correction.