当前位置: 动力学知识库 > 问答 > 编程问答 >

ssl - What's a good strategy for automatically incorporating self-signed certs into my truststore in Java?

问题描述:

We've built a Java EE app in JBoss that exposes web services to external consumers. We want to secure these services so that we know who is making the web service invocations. We have a registration process that requires the consumers to upload their public key so that we can add it to our truststore. However it is currently a manual process of using the keytool from the command line to add them to the truststore.

This whole setup seems rather primitive. I don't like the idea of a truststore on the filesystem that is not part of the database. There must be an approach that lets you utilize the database to store the certs. Should I put the certs in a blob column, and roll my own custom TrustManager that pulls the public key out of the db and verifies the signature? Or is there some other generally implemented open-source solution to this problem?

网友答案:

Why don't you just store the PEM file in database? It can be a BLOB or a text column.

Google's web app registration is a good example,

http://code.google.com/apis/accounts/docs/RegistrationForWebAppsAuto.html#register

Look at step 4: Upload a security certificate.

分享给朋友:
您可能感兴趣的文章:
随机阅读: