Posted to httpclient-users@hc.apache.org by Alfred Thomas <al...@magnafs.com> on 2005/11/16 13:10:39 UTC

SSL keystores

Hi 

I have written an application that uses HttpClient to do SSL queries.
I am specifying the certificate details with the following:

        System.setProperty("javax.net.ssl.keyStore", keyStorePath);
        System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
        System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);

This then reads the certificate at the appropriate time, from the disk.
If I want to replace the certificate with a new one, how can I force a
refresh on the keystore?
It seems as if the file is kept open once it is read, and I cannot replace
it with a new one.

Regards
Alfred Thomas


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org


RE: SSL keystores

Posted by Alfred Thomas <al...@magnafs.com>.
>Alfred,
>If you want to be able to replace certificates at runtime, you should not
>be using the javax.net.ssl.keyStore* system
>properties. Consider using AuthSSLProtocolSocketFactory [1] or something
>similar instead.
>
>Hope this helps
>
>Oleg

Hi Oleg

Thanks, it did help a lot.

Alfred




Re: SSL keystores

Posted by Oleg Kalnichevski <ol...@apache.org>.
On Wed, 2005-11-16 at 14:10 +0200, Alfred Thomas wrote:
> Hi 
> 
> I have written an application that uses HttpClient to do SSL queries.
> I am specifying the certificate details with the following:
> 
>         System.setProperty("javax.net.ssl.keyStore", keyStorePath);
>         System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
>         System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
> 
> This then reads the certificate at the appropriate time, from the disk.
> If I want to replace the certificate with a new one, how can I force a
> refresh on the keystore?
> It seems as if the file is kept open once it is read, and I cannot replace
> it with a new one.
> 
> Regards
> Alfred Thomas
> 

Alfred,
If you want to be able to replace certificates at runtime, you should
not be using the javax.net.ssl.keyStore* system properties. Consider
using AuthSSLProtocolSocketFactory [1] or something similar instead.

Hope this helps

Oleg

[1]
http://svn.apache.org/viewcvs.cgi/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java?view=markup
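
An added example, not part of the thread and not the AuthSSLProtocolSocketFactory code: one way to make a client certificate replaceable at runtime is to load the PKCS#12 file into a KeyStore explicitly and build an SSLContext from it, instead of setting the javax.net.ssl.keyStore* properties. The class name ReloadableClientSsl and its methods are hypothetical; only standard JSSE calls are used, in Java 7+ syntax.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;

/** Hypothetical helper: holds an SSLContext that can be rebuilt from a PKCS#12 file. */
public final class ReloadableClientSsl {
    private final Path keyStorePath;
    private final char[] password;
    private final AtomicReference<SSLContext> current = new AtomicReference<>();

    public ReloadableClientSsl(Path keyStorePath, char[] password)
            throws IOException, GeneralSecurityException {
        this.keyStorePath = keyStorePath;
        this.password = password.clone();
        reload();
    }

    /** Re-reads the keystore; the previous context stays in use if loading fails. */
    public void reload() throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        // try-with-resources closes the file, so it can be replaced on disk afterwards
        try (InputStream in = Files.newInputStream(keyStorePath)) {
            ks.load(in, password);
        }
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // null trust managers and null SecureRandom select the JVM defaults
        ctx.init(kmf.getKeyManagers(), null, null);
        current.set(ctx); // swap only after the new context is fully built
    }

    /** Connections opened after a reload use the new key material. */
    public SSLSocketFactory socketFactory() {
        return current.get().getSocketFactory();
    }
}
```

Connections that were already established keep the certificate they negotiated with; only sockets created from socketFactory() after reload() present the new one.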
