Configuring the HTTP Bundle to Use JVM's Default JSSE

To use the default JVM JSSE implementation, set the following system properties:

In addition, the password to the key must be the same as the one to the keystore.

Most HTTP clients (for example, Web browsers) keep their client credentials in PKCS#12 format, so you need a tool to convert them into the JKS format, which is the default for most JVM JSSE implementations. For example, you might use OpenSSL, or you can write a simple conversion program based on java.security.KeyStore instances for the JKS and PKCS#12 keystore types and run it on JDK 1.4 or later.
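One way to write the conversion program mentioned above, as an added example rather than code from the product documentation. The class name Pkcs12ToJks and its arguments are hypothetical, it assumes the PKCS#12 key entries are protected with the file's own password, and it uses Java 7 syntax and java.io.Console, so it needs a newer JDK than 1.4.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.util.Enumeration;

// Hypothetical converter: copies every entry of a PKCS#12 file into a new JKS keystore.
public class Pkcs12ToJks {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (interactive terminal): java Pkcs12ToJks <in.p12> <out.jks>");
            System.exit(2);
        }
        // Prompt instead of taking passwords as arguments, so they stay out of the process list.
        char[] inPass = console.readPassword("PKCS#12 password: ");
        char[] outPass = console.readPassword("New JKS password: ");
        KeyStore p12 = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            p12.load(in, inPass);
        }
        KeyStore jks = KeyStore.getInstance("JKS");
        jks.load(null, null); // initialise an empty keystore
        int keys = 0;
        for (Enumeration<String> e = p12.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (p12.isKeyEntry(alias)) {
                // Assumption: the key entry is protected with the PKCS#12 file password.
                // The key is re-protected with the JKS store password, because the key
                // password must be the same as the keystore password.
                jks.setKeyEntry(alias, p12.getKey(alias, inPass), outPass,
                        p12.getCertificateChain(alias));
                keys++;
            } else if (p12.isCertificateEntry(alias)) {
                jks.setCertificateEntry(alias, p12.getCertificate(alias));
            }
        }
        if (keys == 0) {
            throw new IllegalStateException("no private key entry in " + args[0]);
        }
        try (OutputStream out = new FileOutputStream(args[1])) {
            jks.store(out, outPass);
        }
        System.out.println("Wrote " + keys + " key entry(ies) to " + args[1]);
    }
}
```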

If you are using JDK 1.4 or later, you can use keystores of the PKCS#12 type in addition to the conventional JKS format. This avoids the conversion to JKS when you already have PKCS#12 files holding entity private keys and certificates. Set the above keystore and truststore properties to point to the relevant PKCS#12 files, and additionally specify the system properties javax.net.ssl.trustStoreType=pkcs12 and javax.net.ssl.trustStoreProvider=SunJSSE.

The properties above should not be set in default.prs or common.prs; they should be supplied on the command line that starts the OSGi framework. If you launch the framework through its starting script (bin/vms/<vm_name>/server), set these JVM system properties either in the starting script or in the VM_ARGS environment variable before calling the script. In the second case, you can put the VM_ARGS-based property definitions in a shell script file whose name starts with "auto", and then place the file in the bin/vms/<vm_name> directory.

For example, for JDK:

set VM_ARGS=%VM_ARGS% -Djavax.net.ssl.keyStore=https.keystore

set VM_ARGS=%VM_ARGS% -Djavax.net.ssl.keyStorePassword=testpass

In addition, the JVM's JSSE provider can be initialized with third-party Key Managers/Trust Managers, as described in Setting Custom Algorithm and Provider for Credential Management.