I am calling a webservice that requires client certificate authentication.
If I specify a Java keystore containing a single certificate (the client certificate the servi
Short answer: it cannot be done with the default Java SSL implementation.
Long answer: I looked at how the SSL handshake is implemented in sun.security.ssl.ClientHandshaker. In its method serverHelloDone, X509ExtendedKeyManager.chooseClientAlias is called. Its implementations are written in such a way that they return the first alias whose entry matches the given key algorithm and a few other things. There is no way to tweak the alias selection.
For those who can change the code, this looks like a promising workaround: http://www.44342.com/java-f392-t785-p1.htm