Question

I understand how keystores work for private keys. Basically you create a keystore, generate/sign/store the keys, and based on the alias the container (JBoss, Tomcat, WebLogic or WebSphere) will load the appropriate keys during initialization. My question has to do with the truststores. If the container makes a request to an external website, which has a key signed by, say, Thawte, how does the container know which public key to supply from its truststore to allow the SSL handshake to complete? The truststore definitely has an alias, but when the container invokes a connection to a remote site, I really doubt it uses an alias to find the matching public key.


Solution

It doesn't have to supply or even find a matching public key. The public key is already present, in the certificate provided by the peer. It has to find a certificate in the truststore matching a certificate in the certificate chain provided by the peer: that is, it has to find a certificate whose SubjectDN matches the incoming IssuerDN. Certainly aliases don't come into it, as they are not transmitted, not being part of the SSL protocol.
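The lookup the answer describes, as an added example that is not part of the original answer: the peer sends its certificate chain, the client walks it by matching each certificate's IssuerDN against the SubjectDNs of the certificates in the truststore (and, failing that, against the rest of the peer's chain), and each link is confirmed with the issuer's public key. The truststore aliases are only local handles and are never consulted. Certificates, DNs and keys are all constructed here, and the signature is a deliberately tiny textbook-RSA scheme so the script runs with only the Python standard library; real stacks use X.509 with full-size keys, but the matching logic is the same.

```python
"""Model of a TLS client locating the trust anchor for a peer's chain.
Constructed example: toy RSA keys, made-up DNs, standard library only."""
import hashlib
from dataclasses import dataclass


class UntrustedChain(Exception):
    """Raised when no path from the peer's certificate to a trusted root exists."""


@dataclass(frozen=True)
class Cert:
    subject: str   # SubjectDN
    issuer: str    # IssuerDN (equal to subject for a self-signed root)
    pub: tuple     # (e, n) toy RSA public key of the subject
    sig: int       # toy RSA signature made with the issuer's private key

    def tbs(self) -> bytes:
        """The 'to-be-signed' fields; the signature is over exactly these."""
        return f"{self.subject}|{self.issuer}|{self.pub[0]}|{self.pub[1]}".encode()


def make_keypair(p: int, q: int, e: int = 17):
    """Textbook RSA from two small primes (illustration only, not secure)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)   # (public, private)


def _digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def issue(subject: str, issuer: str, subject_pub: tuple, signer_priv: tuple) -> Cert:
    """Sign a certificate for `subject` with the issuer's private key."""
    d, n = signer_priv
    unsigned = Cert(subject, issuer, subject_pub, 0)
    return Cert(subject, issuer, subject_pub, pow(_digest(unsigned.tbs(), n), d, n))


def verify_signature(issuer_pub: tuple, cert: Cert) -> bool:
    """Check cert.sig under the issuer's public key (the link that actually binds)."""
    e, n = issuer_pub
    return pow(cert.sig, e, n) == _digest(cert.tbs(), n)


def find_trust_anchor(peer_chain: list, truststore: dict) -> list:
    """Return [leaf, ..., trusted root] or raise UntrustedChain.

    `truststore` maps alias -> Cert, exactly as a keystore file does; note that
    the aliases are thrown away immediately: lookups are keyed by SubjectDN.
    """
    by_subject = {c.subject: c for c in truststore.values()}   # aliases ignored
    supplied = {c.subject: c for c in peer_chain}
    cert, path = peer_chain[0], [peer_chain[0]]
    for _ in range(len(peer_chain) + 1):            # bounded walk, no cycles
        anchor = by_subject.get(cert.issuer)        # SubjectDN == incoming IssuerDN?
        if anchor is not None and verify_signature(anchor.pub, cert):
            return path + [anchor]
        if cert.issuer == cert.subject:
            raise UntrustedChain(f"self-signed {cert.subject!r} is not in the truststore")
        parent = supplied.get(cert.issuer)          # otherwise use the peer's intermediate
        if parent is None:
            raise UntrustedChain(f"peer did not supply issuer {cert.issuer!r}")
        if not verify_signature(parent.pub, cert):
            raise UntrustedChain(f"bad signature on {cert.subject!r} by {parent.subject!r}")
        cert, path = parent, path + [parent]
    raise UntrustedChain("chain too long")


def chain_is_trusted(peer_chain: list, truststore: dict) -> bool:
    try:
        find_trust_anchor(peer_chain, truststore)
        return True
    except UntrustedChain:
        return False


# Constructed PKI: root -> issuing CA -> server certificate.
_root_pub, _root_priv = make_keypair(127, 131)
_int_pub, _int_priv = make_keypair(107, 109)
_leaf_pub, _ = make_keypair(61, 53)
ROOT = issue("CN=Example Root CA", "CN=Example Root CA", _root_pub, _root_priv)
INTERMEDIATE = issue("CN=Example Issuing CA", "CN=Example Root CA", _int_pub, _root_priv)
LEAF = issue("CN=www.example.com", "CN=Example Issuing CA", _leaf_pub, _int_priv)
PEER_CHAIN = [LEAF, INTERMEDIATE]          # what the server sends; the root is not sent
TRUSTSTORE = {"exampleroot": ROOT}         # the alias is just a local handle


def build_rogue_root() -> Cert:
    """Same SubjectDN as ROOT but a different key: DN match alone must not be enough."""
    pub, priv = make_keypair(61, 53)
    return issue("CN=Example Root CA", "CN=Example Root CA", pub, priv)


if __name__ == "__main__":
    print(" -> ".join(c.subject for c in find_trust_anchor(PEER_CHAIN, TRUSTSTORE)))
```

Two points the run makes visible: renaming the alias in `TRUSTSTORE` changes nothing, while a store entry whose SubjectDN matches but whose key does not verify the intermediate's signature is rejected, which is why the DN match is only the lookup step and the signature check is the decision.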

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow