问题
When I manually create a KeyManager, one of the steps is this:
KeyManagerFactory.getInstance("SunX509")
This does not work on IBM jre where I need to specify "IbmX509".
My questions:
- I read that this is called the "certificate encoding algorithm". What does that mean? When is it used?
- What happens when the client is using the IBM algorithm and the server is using the Sun algorithm?
Thanks,
Doron
回答1:
I read that this is called the "certificate encoding algorithm".
No it isn't. It is a key manager algorithm that defines both a provider and a content type, in this case "Sun" or "IBM" and X.509. Basically it is a keystore type.
Anyway the best solution is not to use either. Just use
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
The KeyManager and KeyManagerFactory just deal with the local keystore/truststore. The peer doesn't care about that, only about the certificates that are in them, and that only indirectly.
来源:https://stackoverflow.com/questions/10073202/what-is-sunx509-used-for-and-can-it-work-with-parties-using-ibmx509