activemq-users mailing list archives

From "matteo rulli" <matteo.ru...@abodata.com>
Subject add new ssl certificates at run-time
Date Tue, 21 Feb 2012 07:40:19 GMT
Dear all,

We dynamically load new client certs in our (server side) amq truststores
but the broker does not reload credentials. The procedure we use to insert
new certs in ts is ok, since it is the same we successfully use with apache
cxf. I found this thread on nabble:

http://activemq.2283324.n4.nabble.com/Dynamic-SSL-certs-td4320452.html

It is the very same issue I'm having but the answer is not so encouraging.
Could someone please elaborate a little bit more on that? I tried playing
around with SslContext like this:

    // Key managers built from the broker keystore
    KeyManagerFactory kmf =
        KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    KeyStore ks = KeyStore.getInstance("jks");
    KeyManager[] keystoreManagers = null;

    ks.load(new FileInputStream(new File(broker_ks_file)),
            keystorepswd.toCharArray());
    kmf.init(ks, keystorepswd.toCharArray());
    keystoreManagers = kmf.getKeyManagers();

    // Single trust manager backed by the broker truststore file
    TrustManager[] trustStoreManagers = new TrustManager[] {
        new ReloadableX509TrustManager(broker_ts_file, trustorepswd)};

    SslContext context = new SslContext(keystoreManagers,
                                        trustStoreManagers, null);
    broker.setSslContext(context);

where ReloadableX509TrustManager is as explained in

http://jcalcote.wordpress.com/2010/06/22/managing-a-dynamic-java-trust-store/

But I cannot get it working.

Many thanks.

Matteo

 

