You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by Alfred Thomas <al...@magnafs.com> on 2005/11/16 13:10:39 UTC
SSL keystores
Hi
I have written an application that uses HttpClient to do SSL queries.
I am specifying the certificate details with the following:
System.setProperty("javax.net.ssl.keyStore", keyStorePath);
System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
System.setProperty("javax.net.ssl.keyStorePassword",
keyStorePassword);
This then reads the certificate at the appropraite time, from the disk.
If I want to replace the certificate with a new one, how can I force a
refresh on the keystore.
It seems as if the file is kept open once it is read, and I cannot replace
it with a new one.
Regards
Alfred Thomas
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
RE: SSL keystores
Posted by Alfred Thomas <al...@magnafs.com>.
>Alfred,
>If you want to be able to replace certificates at runtime, you should not
be using the javax.net.ssl.keyStore* system
>properties. Consider using AuthSSLProtocolSocketFactory [1] or something
similar instead.
>
>Hope this helps
>
>Oleg
Hi Oleg
Thanks, it did help a lot.
Alfred
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
Re: SSL keystores
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Wed, 2005-11-16 at 14:10 +0200, Alfred Thomas wrote:
> Hi
>
> I have written an application that uses HttpClient to do SSL queries.
> I am specifying the certificate details with the following:
>
> System.setProperty("javax.net.ssl.keyStore", keyStorePath);
> System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
> System.setProperty("javax.net.ssl.keyStorePassword",
> keyStorePassword);
>
> This then reads the certificate at the appropraite time, from the disk.
> If I want to replace the certificate with a new one, how can I force a
> refresh on the keystore.
> It seems as if the file is kept open once it is read, and I cannot replace
> it with a new one.
>
> Regards
> Alfred Thomas
>
Alfred,
If you want to be able to replace certificates at runtime, you should
not be using the javax.net.ssl.keyStore* system properties. Consider
using AuthSSLProtocolSocketFactory [1] or something similar instead.
Hope this helps
Oleg
[1]
http://svn.apache.org/viewcvs.cgi/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java?view=markup
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org