hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: SSL keystores
Date Wed, 16 Nov 2005 22:21:00 GMT
On Wed, 2005-11-16 at 14:10 +0200, Alfred Thomas wrote:
> Hi 
> 
> I have written an application that uses HttpClient to do SSL queries.
> I am specifying the certificate details with the following:
> 
>         System.setProperty("javax.net.ssl.keyStore", keyStorePath);
>         System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
>         System.setProperty("javax.net.ssl.keyStorePassword",
> keyStorePassword);
> 
> This then reads the certificate at the appropraite time, from the disk.
> If I want to replace the certificate with a new one, how can I force a
> refresh on the keystore. 
> It seems as if the file is kept open once it is read, and I cannot replace
> it with a new one.
> 
> Regards
> Alfred Thomas
> 

Alfred,
If you want to be able to replace certificates at runtime, you should
not be using the javax.net.ssl.keyStore* system properties. Consider
using AuthSSLProtocolSocketFactory [1] or something similar instead.

Hope this helps

Oleg

[1]
http://svn.apache.org/viewcvs.cgi/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java?view=markup

> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org


Mime
View raw message