How to specify certificate alias for ClientHandler

This topic has 2 replies, 2 voices, and was last updated 4 years, 9 months ago by handat.

  • Author
  • #20190

    I’m trying to configure mutual authentication for https connections where OpenIG is connecting to a TLS enabled site that requires a client certificate to be presented for mutual authentication. I’ve configured a keyManager containing the client certificate that IG needs to present. How do I specify that certificate? Logically, one would add an alias option in the ClientHandler config together with the keyManager config option, but I cannot find a config reference that indicates that “alias” is a valid config option to specify which certificate to use in the key store.

    	"type": "ClientHandler",
         	"config": {
    		"hostnameVerifier": "STRICT",
    		"sslContextAlgorithm": "TLSv1.2",
    		"keyManager": [ "keyManager" ],
           		"trustManager": [ "trustManager" ]

    I found that the jwtsession manager has an alias config option, but couldn’t find something equivalent for the client handler. So how do you specify which certificate to use when using the ClientHandler?


    You’re right, there is no such settings ATM in IG
    You can have a dedicated keystore with just your IG certificate in it to workaround this.



    Thanks for confirming. That means that each keystore can only have a single private key and the alias does not matter as it would just get the only private key. If there were more private keys, it would fail? There is no hardcoded default alias it will try to look for?

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?