tomcat-users mailing list archives

From "Bill Barker" <wbar...@wilshire.com>
Subject Re: SSL Connector + truststore refresh without bouncing tomcat
Date Sun, 15 May 2005 23:20:08 GMT

"Diego Ballve" <diego.ballve@digital-artefacts.fi> wrote in message 
news:42872E43.4090805@digital-artefacts.fi...
> Hello,
>
> I'm using ssl client authentication with Tomcat 5.0.28. I have configured 
> it to use my truststoreFile and all works fine there.
>
> I have added a feature to my webapp (The freebXML Registry, 
> http://ebxmlrr.sourceforge.net/) to allow the user to register his own 
> certificate when creating a user account. The certificate gets added to 
> truststoreFile and other account details are set.
>
> My problem is that the SSL Connector will only read the truststoreFile 
> when it is initialized. What I would like is to have something monitoring the 
> keystore file for changes and reload it to the connector when it 
> happens. I could not find a way to do it yet by checking the source for 
> JSSEConnector (method init() triggers keystore loading). Has anybody done 
> something similar??

Strangely, there seem to be more requests to do this sort of thing.  Take a 
look at http://issues.apache.org/bugzilla/show_bug.cgi?id=34643.

It's possible to bounce the Connector using JMX (which probably isn't good 
enough, since it bounces already-connected sessions as well).  Otherwise, 
no, Tomcat currently initializes the TrustStore on startup, and won't 
re-initialize it afterwards.

As always, patches are always welcome :).

>
> Another possibility would be to re-initialize the connector every hour, for 
> instance. There would be some delay after registration but user could be 
> patient and wait a bit. Is this easy to achieve/configure??
>
> Thanks,
> Diego
>
> -- 
> Diego Ballve
> Digital Artefacts Europe
> http://www.digital-artefacts.fi/ 




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org