views:

80

answers:

1

hi,

I am pretty new to certificates, but I have to do something like this (in Java):

1) I have requestor's certificate in my hand:

X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");

2) I need to request another url with that certificate (is it even possible?), something like:

URL url = new URL(server);
            HttpURLConnection connection = (HttpURLConnection) url.openConnection();
            if (connection instanceof HttpsURLConnection) {
                ((HttpsURLConnection) connection).setSSLSocketFactory(???);
            }

My question is: how do I link certificates from 1) with request from 2)?

cheers.

A: 

You won't be able to do this. In order to establish an authenticated SSL connection you need both the public and private components of the certificate. It would be a security hole to do something like what you are suggesting, allowing a server to masquerade as an entity that it isn't.

laz
Thanks, I did reveal that wont be possible later.
tomek