Https with call.invoke()

[Trimarchi Michele <Mi...@crypto.it>]

Hi there..
i have a servlet,on a web application , that calls a webservice via https
(on a separate .net environment) ,
i'm using rpc style with classic call.invoke()..
Everything works great and without any problem but i've a big doubt.
I'm using system.setProperty methods to set
keystore,truststore,keystorepassword,truststore and so on.
I think this solution is not very smart .When i will have to deploy another
web application with https soap calls what will i have to do?? I don't think
it will be very prudent to setProperty() again with different keystore path
and password and overwrite jvm properties set by the first webapp.

so,the question is:
is it possible to setting keystore and truststore just for the servlet scope
without using system properties?
I can make it for an https url connection

SSLSocketFactory ssf;
TrustManagerFactory tmf;
KeyStore ks;
FileInputStream fis;
String pathKeyStore="C:\\client.keystore";
char[] passphrase = "keystorePassword".toCharArray();
fis=new FileInputStream(pathKeyStore);
ks = KeyStore.getInstance("JKS");
ks.load(fis, passphrase);
tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(null, tmf.getTrustManagers(), null);
fis.close();
try {
URL url = new URL("https://yourpage");
com.sun.net.ssl.HttpsURLConnection connection =
(com.sun.net.ssl.HttpsURLConnection) url.openConnection();
ssf = ctx.getSocketFactory();
connection.setSSLSocketFactory(ssf);
connection.connect();
System.out.println("Ok :" + connection.getURL());


..but i don't know how make call.invoke() work ..the servlet throws
"untrusted server chain" exception..

Any hints?

Thanks in advance
Michele