Installing a Certificate Callback

Installing a Certificate Callback

The ICEssl module provides support for custom certificate handling. To use this, a class implementing ice.ssl.CertificateCallback( ) must be provided and registered with the setCertificateCallback( ) method in SSLSocket. The methods in the installed CertificateCallback object are called whenever a certificate with errors is received, or the server requests authentication by a client certificate.

In the examples, the class CertificateHandler implements the CertificateCallback interface. The same name is used in the Generic RI. In that case the certificate callback can be installed as follows:
ice.ssl.CertificateManager.setCertificateCallback(new CertificateHandler());
 
Installing a Trusted Sites List

In some cases a site may not have a valid certificate, but you want to contact the server anyway, and decide to trust it. Then the server certificate of the site must be installed in the trusted site list. The getTrustedSites( ) method in the certificate manager returns a ServerCertificateList of the currently trusted sites. By default, an empty list of trusted sites is installed, and it is up to the certificate callback to add certificates. Usually the user selects 'accept' or similar to get a certificate into the trusted sites list.

For an example for how trusted sites lists can be used, see Step 4 - Trusted Sites, Signlists, and Passwords.