CoSign: Collaborative Single Sign-On  

cosign-discuss at
general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Java Cosign Filter

On 02 Jul 2004, at 11:09, John Mitchell wrote:
It is not clear what the keystore is meant to contain - is it just a public / private key pair for the web application - or is it a self signed certificate for the web which case if there is a "real" certificate available - should this be imported into the above keystore? And what about aliases for the keys / certificates - are there any specific aliases that are expected by the filter?

I assume this keystore contains the public/private key pair that the Java Cosign Filter will use to talk to cosignd. This can be the same certificate that https might use for your web application, if:

	that certificate is able to be used for client authentication, and
	cosignd recognizes the CA that signed the certificate

You can tell that your certificate may be used for client authentication with this command:

openssl verify -CApath path_to_CAdir -purpose sslclient server.cert

Sorry for the delay in responding.


Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010