Posted to users@activemq.apache.org by matteo rulli <ma...@abodata.com> on 2012/02/21 08:40:19 UTC

add new ssl certificates at run-time

Dear all,

We dynamically load new client certs in our (server side) amq truststores
but the broker does not reload credentials. The procedure we use to insert
new certs in ts is ok, since it is the same we successfully use with apache
cxf. I found this thread on nabble:

http://activemq.2283324.n4.nabble.com/Dynamic-SSL-certs-td4320452.html

It is the very same issue I'm having but the answer is not so encouraging.
Could someone please elaborate a little bit more on that? I tried playing
around with SslContext like this:

    KeyManagerFactory kmf =
        KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    KeyStore ks = KeyStore.getInstance("jks");
    KeyManager[] keystoreManagers = null;

    ks.load(new FileInputStream(new File(broker_ks_file)), keystorepswd.toCharArray());
    kmf.init(ks, keystorepswd.toCharArray());
    keystoreManagers = kmf.getKeyManagers();

    TrustManager[] trustStoreManagers = new TrustManager[] {
        new ReloadableX509TrustManager(broker_ts_file, trustorepswd)};

    SslContext context = new SslContext(keystoreManagers, trustStoreManagers, null);
    broker.setSslContext(context);

where ReloadableX509TrustManager is as explained in

http://jcalcote.wordpress.com/2010/06/22/managing-a-dynamic-java-trust-store/

But I cannot get it working.

Many thanks.

Matteo