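// Registers the keystore's key material together with an alias strategy that picks the key
// whose certificate is currently valid and explicitly permits TLS client authentication.
// NOTE(review): keystorePassword appears to be a String, so the secret stays on the heap after
// this call; confirm whether the caller can hand over a char[] and clear it afterwards.
customContext.loadKeyMaterial(keystore, keystorePassword.toCharArray(), new PrivateKeyStrategy() {

    /** Extended key usage OID id-kp-clientAuth (TLS client authentication). */
    private static final String CLIENT_AUTH_EKU_OID = "1.3.6.1.5.5.7.3.2";

    /**
     * Chooses the alias whose end-entity certificate is within its validity period and lists
     * the clientAuth extended key usage.
     *
     * <p>Only the first certificate of each chain is evaluated. That is the certificate bound
     * to the private key; the issuer certificates that follow it say nothing about whether
     * this key may be used for client authentication, so a clientAuth purpose on a CA
     * certificate must not cause an alias with an expired or unsuitable leaf to be selected.
     *
     * @param aliases candidate aliases mapped to their key details
     * @param socket  the socket being negotiated; not used for the decision
     * @return the first alias whose leaf certificate qualifies
     * @throws IllegalStateException if no alias has a qualifying certificate
     */
    @Override
    public String chooseAlias(Map<String, PrivateKeyDetails> aliases, Socket socket) {
        logger.debug("aliases size = " + aliases.size());
        for (Map.Entry<String, PrivateKeyDetails> entry : aliases.entrySet()) {
            String alias = entry.getKey();
            X509Certificate[] chain = entry.getValue().getCertChain();
            if (chain == null || chain.length == 0) {
                logger.debug("Skipping alias without a certificate chain: " + alias);
                continue;
            }
            logger.debug("certificate size = " + chain.length);

            // Key manager chains are ordered with the key's own certificate first.
            X509Certificate leaf = chain[0];
            // Log the subject: the issuer alone does not identify which certificate this is.
            logger.debug("Considering certificate: " + leaf.getSubjectX500Principal());
            if (isUsableForClientAuth(leaf)) {
                logger.debug("In PrivateKeyStrategy, picked appropriate certificate: "
                        + leaf.getSubjectX500Principal());
                logger.debug("In PrivateKeyStrategy, picked appropriate alias: " + alias);
                return alias;
            }
        }
        // Fail loudly rather than return null, so a missing or expired client certificate is
        // reported here instead of surfacing later as a handshake without a certificate.
        throw new IllegalStateException("Required certificate not found");
    }

    /**
     * Reports whether the certificate is currently valid and names clientAuth in its extended
     * key usage. Certificates that omit the extension are rejected: selection requires the
     * purpose to be stated explicitly.
     */
    private boolean isUsableForClientAuth(X509Certificate certificate) {
        try {
            certificate.checkValidity();
            List<String> extKeyUsage = certificate.getExtendedKeyUsage();
            return extKeyUsage != null && extKeyUsage.contains(CLIENT_AUTH_EKU_OID);
        } catch (CertificateExpiredException | CertificateNotYetValidException
                | CertificateParsingException e) {
            logger.debug("Certificate validity exception for "
                    + certificate.getSubjectX500Principal());
            return false;
        }
    }
});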