From: stephan beal
Reply-To: stephan@einsurance.de
Subject: Re: ssl keystore
Date: Wed, 18 Jun 2003 10:27:38 +0200
Cc: "Marc Dugger"

On Tuesday 17 June 2003 18:55, Marc Dugger wrote:
> I am attempting to change the certificate against which a webapp
> authenticates itself. I've gone as far as deleting the old key/cert
> from the keystore and imported a new one. However, the webapp
> continues to use the old cert. I've verified that the 'keystorefile'
> param on the SSL factory is defined correctly and restarted the
> server repeatedly. What else could I be missing?

Hi, Marc!

i once had a similar problem with a cert under Apache, and it turned out that i literally had to reboot the machine to get the new cert to be visible. Apparently libssl simply wouldn't let go of it.

i theorize that the problem was that libssl had the cert open, and therefore deleting/replacing the file didn't really delete the open filehandle (thus libssl was seeing the old cert). That's just theory, though - i never did find out for 100% certain.

You can see a similar behaviour in your system logger if you 'rm /var/log/messages', for example - the syslogger is still writing to the old filehandle, and restarting the syslogger will solve the problem. Since one cannot restart libssl, this theory makes sense, assuming that libssl actually keeps an open filehandle on the cert.

-- 
----- stephan
The Guy With No Job Title
stephan@einsurance.de - http://www.einsurance.de

Student: "Master, you must teach me the way of liberation!"
Master: "Tell me who it is that binds you."
Student: "No one binds me!"
Master: "Then why do you seek liberation?"
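
The open-filehandle behaviour described in the message above, as an added example that is not part of the original post: on a POSIX filesystem, a descriptor opened before a file is deleted and replaced keeps reading the old contents, and comparing device/inode numbers detects the stale handle. The file name `server.pem` and the functions `handle_is_stale` and `rotation_demo` are constructed for illustration; the example shows only the filesystem semantics and makes no claim about whether libssl keeps the certificate file open.

```python
import os
import tempfile


def handle_is_stale(fd, path):
    """True if fd no longer refers to the file that currently lives at path."""
    held = os.fstat(fd)
    try:
        current = os.stat(path)
    except FileNotFoundError:
        return True  # path was deleted; the descriptor keeps the old data alive
    return (held.st_dev, held.st_ino) != (current.st_dev, current.st_ino)


def rotation_demo():
    """Replace a file while a reader holds it open; report what each side sees."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "server.pem")  # constructed stand-in for a cert file
    with open(path, "w") as f:
        f.write("OLD-CERT\n")

    reader = open(path)                 # long-running process opens the file once
    before = handle_is_stale(reader.fileno(), path)

    os.remove(path)                     # operator deletes the old file ...
    after_delete = handle_is_stale(reader.fileno(), path)
    with open(path, "w") as f:          # ... and writes the replacement
        f.write("NEW-CERT\n")

    seen_by_handle = reader.read()      # still the unlinked file's contents
    after_replace = handle_is_stale(reader.fileno(), path)
    reader.close()

    with open(path) as f:               # a fresh open (e.g. after a restart) sees the new file
        seen_by_reopen = f.read()
    os.remove(path)
    os.rmdir(workdir)
    return before, after_delete, after_replace, seen_by_handle, seen_by_reopen


if __name__ == "__main__":
    print(rotation_demo())
```

The same inode comparison can be run against a live process by checking its entries under `/proc/<pid>/fd` on Linux, where a deleted-but-open file is shown with a `(deleted)` suffix.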