axis-java-user mailing list archives

From "DANIEL, Yves Marie" <yves-marie.dan...@capgemini.com>
Subject RE: Reload keystore file
Date Thu, 29 Jan 2009 08:11:50 GMT
Hi !
 
With a Jonas application server and mutual authentication with SSL, we found that we had
to restart Jonas so it could see the changes of path or content for keystores. It seems
to be the same with Tomcat; I don't know if it is Axis2 or the application server.
 
Yves-Marie

________________________________

From: Sebastian Van Sande [mailto:sebastian@vansande.org] 
Sent: Thursday, January 29, 2009 08:07
To: axis-user@ws.apache.org
Subject: Re: Reload keystore file


Does anyone have a clue how I can refresh the keystore in axis2?
Thank you.


On Wed, Jan 28, 2009 at 10:56 AM, Sebastian Van Sande <sebastian@vansande.org> wrote:


	Hi,
	
	I have a problem with Axis2.
	
	At my project, we have a Microsoft Exchange 2007, and some other project has created an
API to interact with this Exchange server with the help of Axis2.
	This other project uses a Websphere server to manage a keystore to do basic authentication
over SSL.
	My application on the other hand runs as a standalone application, and I have to manage the
keystore myself.
	
	Now, I managed to use this keystore to call the Exchange 2007 Web services over SSL, and
it works great.
	But, as you probably know, certificates expire ... and they have to get renewed.
	
	So, I managed to create a 'KeyStoreManager' that will fetch the new certificates
from the Exchange server and put them in the keystore file.
	And this works great as well .. *IF* I restart my application.
	
	When my application modifies the keystore file, it looks like Axis2 is using some caching
mechanism. Because when I make the web service call again (after inserting the new certificate
in my keystore), it can't authenticate because it cached the keystore file in memory.
	
	To specify the keystore to Axis2, I use this code:
	
	            System.setProperty("javax.net.ssl.trustStore", "/path/to/keystore.jks");
	            System.setProperty("javax.net.ssl.trustStorePassword", "thisisnottherealpassword");
   
	
	To extract the new certificate and add it to my keystore, I use code based on the one you
can find at http://helpdesk.objects.com.au/java/how-do-i-programatically-extract-a-certificate-from-a-site-and-add-it-to-my-keystore

	
	The problem is: when the keystore file is updated with the new certificate, axis2 doesn't
seem to know about it because it uses a cached version of the keystore file.
	
	So my question is: how can I clear this axis2 keystore cache in some way so axis2 will be
forced to read the keystore file again?
	
	Thank you for your help,
	
	Kind regards,
	Sebastian 
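
An added example, not from the thread or from Axis2: assuming the stale behaviour described above comes from JSSE reading the `javax.net.ssl.trustStore` properties only once, when the JVM's default SSLContext is first built, a trust manager that re-reads the JKS file whenever its modification time changes removes the need for a restart. The class name `ReloadingTrustManager` and the `context` helper are hypothetical.

```java
import java.io.*;
import java.security.*;
import java.security.cert.*;
import javax.net.ssl.*;
// Added example: X509TrustManager that reloads its JKS file when the file changes on disk.
public class ReloadingTrustManager implements X509TrustManager {
    private final File store;            // e.g. the /path/to/keystore.jks from the post
    private final char[] password;
    private long loadedAt = -1;          // lastModified() of the file when it was last loaded
    private X509TrustManager delegate;   // trust manager built from the current file content

    public ReloadingTrustManager(String path, char[] pw) { store = new File(path); password = pw; }

    // Return the cached delegate, rebuilding it only if the file timestamp has changed.
    private synchronized X509TrustManager current() throws CertificateException {
        long stamp = store.lastModified();
        if (delegate != null && stamp == loadedAt) return delegate;
        try (InputStream in = new FileInputStream(store)) {
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(in, password);
            TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(ks);
            TrustManager tm = tmf.getTrustManagers()[0];
            if (!(tm instanceof X509TrustManager)) throw new CertificateException("no X509TrustManager");
            delegate = (X509TrustManager) tm;
            loadedAt = stamp;
            return delegate;
        } catch (IOException | GeneralSecurityException e) {
            // Fail closed: an unreadable or half-written store rejects the peer, never trusts it.
            throw new CertificateException("cannot load trust store " + store, e);
        }
    }

    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException { current().checkServerTrusted(chain, authType); }
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException { current().checkClientTrusted(chain, authType); }
    public X509Certificate[] getAcceptedIssuers() {
        try { return current().getAcceptedIssuers(); }
        catch (CertificateException e) { return new X509Certificate[0]; }
    }
    // Build an SSLContext whose only trust decision source is the reloading manager.
    public static SSLContext context(String path, char[] pw) throws GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { new ReloadingTrustManager(path, pw) }, null);
        return ctx;
    }
}
```

Install it once at startup, for example with `SSLContext.setDefault(ReloadingTrustManager.context(path, pw))` before the first HTTPS call; whether the Axis2 HTTP transport in use picks up the JVM default context is an assumption to verify. Writing the updated keystore to a temporary file and renaming it into place keeps a handshake from ever reading a half-written store.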







