Posted to users@tomcat.apache.org by Diego Ballve <di...@digital-artefacts.fi> on 2005/05/15 13:10:59 UTC

SSL Connector + truststore refresh without bouncing tomcat

Hello,

I'm using ssl client authentication with Tomcat 5.0.28. I have 
configured it to use my truststoreFile and all works fine there.

I have added a feature to my webapp (The freebXML Registry, 
http://ebxmlrr.sourceforge.net/) to allow the user to register his own 
certificate when creating a user account. The certificate gets added to 
truststoreFile and other account details are set.

My problem is that the SSL Connector will only read the truststoreFile 
when it is initialized. What I would like is to have something monitoring 
the keystore file for changes and reload it to the connector when it 
happens. I could not find a way to do it yet by checking the source for 
JSSEConnector (method init() triggers keystore loading). Has anybody 
done something similar??

Another possibility would be to re-initialize the connector every hour, 
for instance. There would be some delay after registration but the user could 
be patient and wait a bit. Is this easy to achieve/configure??

Thanks,
Diego

-- 
Diego Ballve
Digital Artefacts Europe
http://www.digital-artefacts.fi/


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Re: SSL Connector + truststore refresh without bouncing tomcat

Posted by Bill Barker <wb...@wilshire.com>.
"Diego Ballve" <di...@digital-artefacts.fi> wrote in message 
news:42872E43.4090805@digital-artefacts.fi...
> Hello,
>
> I'm using ssl client authentication with Tomcat 5.0.28. I have configured 
> it to use my truststoreFile and all works fine there.
>
> I have added a feature to my webapp (The freebXML Registry, 
> http://ebxmlrr.sourceforge.net/) to allow the user to register his own 
> certificate when creating a user account. The certificate gets added to 
> truststoreFile and other account details are set.
>
> My problem is that the SSL Connector will only read the truststoreFile 
> when it is initialized. What I would like is to have something monitoring the 
> keystore file for changes and reload it to the connector when it 
> happens. I could not find a way to do it yet by checking the source for 
> JSSEConnector (method init() triggers keystore loading). Has anybody done 
> something similar??

Strangely, there seem to be more requests to do this sort of thing.  Take a 
look at http://issues.apache.org/bugzilla/show_bug.cgi?id=34643.

It's possible to bounce the Connector using JMX (which probably isn't good 
enough, since it bounces already-connected sessions as well).  Otherwise, 
no, Tomcat currently initializes the TrustStore on startup, and won't 
re-initialize it afterwards.

As always, patches are always welcome :).

>
> Another possibility would be to re-initialize the connector every hour, for 
> instance. There would be some delay after registration but the user could be 
> patient and wait a bit. Is this easy to achieve/configure??
>
> Thanks,
> Diego
>
> -- 
> Diego Ballve
> Digital Artefacts Europe
> http://www.digital-artefacts.fi/ 
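
The file-monitoring approach asked about in this thread, as an added example (not code from either poster or from Tomcat): a JSSE X509TrustManager that rebuilds its delegate whenever the truststore file's modification time changes. It assumes Java 7 or later and an SSLContext you initialise yourself; the class name and constructor arguments are hypothetical, and wiring it into the Tomcat 5.0.28 connector is not shown.

```java
import java.io.*;
import java.nio.file.*;
import java.security.*;
import java.security.cert.*;
import javax.net.ssl.*;

// Hypothetical class for illustration: delegates to a trust manager built from the file on disk.
public class ReloadingTrustManager implements X509TrustManager {
    private final Path file;            // truststore path (assumed to be in the JDK default keystore format)
    private final char[] password;
    private X509TrustManager delegate;  // last successfully loaded trust set
    private long loadedMtime;           // modification time of the file the delegate was built from

    public ReloadingTrustManager(String path, char[] password) throws IOException, GeneralSecurityException {
        this.file = Paths.get(path);
        this.password = password.clone();
        this.loadedMtime = Files.getLastModifiedTime(file).toMillis();
        this.delegate = load();         // fail closed: no usable truststore, no trust manager
    }

    private X509TrustManager load() throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(file)) { ks.load(in, password); }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(ks);
        return (X509TrustManager) tmf.getTrustManagers()[0]; // the PKIX factory yields one X.509 manager
    }

    private synchronized X509TrustManager current() {
        try {
            long mtime = Files.getLastModifiedTime(file).toMillis();
            if (mtime != loadedMtime) {
                delegate = load();
                loadedMtime = mtime;
            }
        } catch (IOException | GeneralSecurityException e) {
            // Unreadable or half-written file: keep the last good trust set and retry on the next call.
        }
        return delegate;
    }

    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        current().checkClientTrusted(chain, authType);
    }
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        current().checkServerTrusted(chain, authType);
    }
    public X509Certificate[] getAcceptedIssuers() { return current().getAcceptedIssuers(); }
}
```

Established connections are not touched; the refreshed trust set applies to certificate checks made after the file changes, and getAcceptedIssuers() refreshes as well so the issuer list offered to clients includes newly registered certificates.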



