First working solution with two separate HttpComponentsClientHttpRequestFactorys to switch between RestTemplate, as it doesn´t seem to be possible to do it with one SSLContext (see http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/201109.mbox/%3C1315998630.3176.17.camel@ubuntu%3E)

Author: jonashackt

README.md

@@ -43,7 +43,7 @@ Open your Browser with [http:localhost:8080/swagger-ui.html] and fire up a GET-R
 #### 1. Private Key: aliceprivate.key
 
 ```
-openssl genrsa -des3 -out aliceprivate.key 128
+openssl genrsa -des3 -out aliceprivate.key 1024
 ```
 
 - passphrase `alicepassword`
@@ -82,6 +82,12 @@ openssl pkcs12 -export -in alice.crt -inkey aliceprivate.key -certfile alice.crt
 
 __the same password__ `alicepassword`
 
+To read in KeyStore Explorer
+
+```
+keytool -importkeystore -srckeystore alice-keystore.p12 -srcstoretype pkcs12 -destkeystore alice-keystore.jks -deststoretype JKS
+```
+
 
 
 ## server-tom keys and client certificate, truststore & keystore (see /server-tom/src/main/resources)
@@ -148,25 +154,11 @@ In KeyStore Explorer this should look like this:
 
 #### 2. Java Keystore, that inherits Public and Private Keys (keypair): client-keystore.p12
 
-Openssl CLI sadly doesn´t support importing multiple certificate files... But we can [concatenate them](https://serverfault.com/a/483490/326340):
-
-```
-cat alice.crt tom.crt > allcerts.pem
-cat aliceprivate.key tomprivate.key > allkeys.pem
-```
-
-Then we can do:
+We need a way to import multiple private keys and certificates into the same `client-keystore.jks`, so that our implementation could call multiple secured endpoints. This seems to be a harder task then one could think beforehand. But luckily there´s a simple way: Just copy both `alice-keystore.p12` and `tom-keystore.p12` into __client-bob/src/main/resources__ and use keytool as follows:
 
 ```
-openssl pkcs12 -export -in allcerts.pem -inkey allkeys.pem -certfile allcerts.pem -name "alicecert" -out client-keystore.p12
-```
-
-__the same password__ `bobpassword`
-
-If you want to check everything worked fine in KeyStoreExplorer, you have to convert the `.p12` file into a `.jks`, otherwise the tool will bring up a nasty exception:
-
-```
-keytool -importkeystore -srckeystore client-keystore.p12 -srcstoretype pkcs12 -destkeystore client-keystore.jks -deststoretype JKS
+keytool -importkeystore -srckeystore alice-keystore.p12 -srcstoretype pkcs12 -destkeystore client-keystore.jks -deststoretype JKS
+keytool -importkeystore -srckeystore tom-keystore.p12 -srcstoretype pkcs12 -destkeystore client-keystore.jks -deststoretype JKS
 ```
 
 The result should look like this:
@@ -189,3 +181,9 @@ https://stackoverflow.com/questions/21488845/how-can-i-generate-a-self-signed-ce
 --> this is not the only solution, see `-extfile` and `-extensions` CLI paramters!
 
 https://serverfault.com/questions/779475/openssl-add-subject-alternate-name-san-when-signing-with-ca
+
+#### Multiple certificates handling in Java Keystores: 
+
+Look into the documentation of Tomcat in section `keyAlias`: http://tomcat.apache.org/tomcat-6.0-doc/config/http.html#SSL_Support
+
+https://stackoverflow.com/questions/5292074/how-to-specify-outbound-certificate-alias-for-https-calls

client-bob/src/main/java/de/jonashackt/client/ServerClientImpl.java

@@ -1,22 +1,33 @@
 package de.jonashackt.client;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
 import org.springframework.stereotype.Component;
 import org.springframework.web.client.RestTemplate;
 
 @Component
 public class ServerClientImpl implements ServerClient {
 
+    //@Autowired
+    private RestTemplate restTemplate = new RestTemplate();
+
+    @Autowired
+    private HttpComponentsClientHttpRequestFactory serverAliceClientHttpRequestFactory;
+
     @Autowired
-    private RestTemplate restTemplate;
+    private HttpComponentsClientHttpRequestFactory serverTomClientHttpRequestFactory;
 
     @Override
     public String callServerAlice() {
+        restTemplate.setRequestFactory(serverAliceClientHttpRequestFactory);
+
         return restTemplate.getForObject("https://server-alice:8443/hello", String.class);
     }
 
     @Override
     public String callServerTom() {
+        restTemplate.setRequestFactory(serverTomClientHttpRequestFactory);
+
         return restTemplate.getForObject("https://server-tom:8443/hello", String.class);
     }
 }

client-bob/src/main/java/de/jonashackt/configuration/RestClientCertConfiguration.java

@@ -21,18 +21,30 @@ public class RestClientCertConfiguration {
 
     private char[] bobPassword = "bobpassword".toCharArray();
 
-    @Value("classpath:client-keystore.p12")
-    private Resource keystoreResource;
+    @Value("classpath:alice-keystore.p12")
+    private Resource aliceKeystoreResource;
+
+    @Value("classpath:alice-truststore.jks")
+    private Resource aliceTruststoreResource;
+
+    @Value("classpath:tom-keystore.p12")
+    private Resource tomKeystoreResource;
+
+    @Value("classpath:tom-truststore.jks")
+    private Resource tomTruststoreResource;
 
     @Value("classpath:client-truststore.jks")
     private Resource truststoreResource;
 
-    @Bean
+/*    @Bean
     public RestTemplate restTemplate(RestTemplateBuilder builder) throws Exception {
 
+
+
         SSLContext sslContext = SSLContextBuilder
                 .create()
-                .loadKeyMaterial(inStream2File(keystoreResource), bobPassword, bobPassword)
+                .loadKeyMaterial(inStream2File(aliceKeystoreResource), "alicepassword".toCharArray(), "alicepassword".toCharArray())
+                .loadKeyMaterial(inStream2File(tomKeystoreResource), "tompassword".toCharArray(), "tompassword".toCharArray())
                 .loadTrustMaterial(inStream2File(truststoreResource), bobPassword)
                 .build();
 
@@ -43,6 +55,36 @@ public RestTemplate restTemplate(RestTemplateBuilder builder) throws Exception {
         return builder
                 .requestFactory(new HttpComponentsClientHttpRequestFactory(client))
                 .build();
+    }*/
+
+    @Bean
+    public HttpComponentsClientHttpRequestFactory serverTomClientHttpRequestFactory() throws Exception {
+        SSLContext sslContext = SSLContextBuilder
+                .create()
+                .loadKeyMaterial(inStream2File(tomKeystoreResource), "tompassword".toCharArray(), "tompassword".toCharArray())
+                .loadTrustMaterial(inStream2File(tomTruststoreResource), "tompassword".toCharArray())
+                .build();
+
+        HttpClient client = HttpClients.custom()
+                .setSSLContext(sslContext)
+                .build();
+
+        return new HttpComponentsClientHttpRequestFactory(client);
+    }
+
+    @Bean
+    public HttpComponentsClientHttpRequestFactory serverAliceClientHttpRequestFactory() throws Exception {
+        SSLContext sslContext = SSLContextBuilder
+                .create()
+                .loadKeyMaterial(inStream2File(aliceKeystoreResource), "alicepassword".toCharArray(), "alicepassword".toCharArray())
+                .loadTrustMaterial(inStream2File(aliceTruststoreResource), "alicepassword".toCharArray())
+                .build();
+
+        HttpClient client = HttpClients.custom()
+                .setSSLContext(sslContext)
+                .build();
+
+        return new HttpComponentsClientHttpRequestFactory(client);
     }
 
     private File inStream2File(Resource resource) {