tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <>
Subject Re: SSL Connector + truststore refresh without bouncing tomcat
Date Sun, 15 May 2005 23:20:08 GMT

"Diego Ballve" <> wrote in message
> Hello,
> I'm using ssl client authentication with Tomcat 5.0.28. I have configured 
> it to use my truststoreFile and all works fine there.
> I have added a feature to my webapp (The freebXML Registry, 
> to allow the user to register his own 
> certificate when creating an user account. The certificate gets added to 
> truststoreFile and other account details are set.
> My problem is that the SSL Connector will only read the truststoreFile 
> when it is initialized. What I would like to have something monitoring the 
> keystore file for changes and reload it to to the connector when it 
> happens. I could not find a way to do it yet by checking the source for 
> JSSEConnector (method init() triggers keystore loading). Has anybody done 
> something similar??

Strangely, there seems to be more requests to do this sort of thing.  Take a 
look at

It's possible to bounce the Connector using JMX (which probably isn't good 
enough, since it bounces already-connected sessions as well).  Otherwise, 
no, Tomcat currently initializes the TrustStore on startup, and won't 
re-initialize it afterwards.

As always, patches are always welcome :).

> Another posibility would be to re-initialize the connector every hour, fo 
> instance. There would be some delay after registration but user could be 
> pacient and wait a bit. Is this easy to achieve/configure??
> Thanks,
> Diego
> -- 
> Diego Ballve
> Digital Artefacts Europe

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message