Thursday, November 24, 2011
A PEM Backed Keystore for Java SSL
For Thumbslug, we needed to open a number of SSL connections to the same server, each with its own X.509 client certificate. Thumbslug grabs the certificates from Candlepin, which stores them in PEM format. Rather than teach Candlepin to also store these certificates in a different format, or to load them first into a format that Java deals with nativley (like PKCS #12), I figured it would be best to create an SSLSession backed directly by an X509Certificate and PrivateKey loaded from the PEM file.