tomcat-users mailing list archives

From "Bill Barker" <>
Subject Re: Detect expired server certificate
Date Thu, 23 Feb 2006 03:32:07 GMT

"Jihwan Kim" <> wrote in message
>I have this in my server.xml
>    <Connector port="443"
>               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>               enableLookups="false" disableUploadTimeout="true"
>               acceptCount="100" debug="0" scheme="https" secure="true"
>               clientAuth="true" sslProtocol="TLS"
>               keystoreFile="c:/j2sdk1.4.2_09/jre/lib/security/cacerts"
>               keystorePass="XXXX" />
>cacerts is a self signed certificate.
>When the certificate is expired, I would like to detect it and send a
>proper message to a client side user.

This happens deep within JSSE, before normally any of your or Tomcat's code 
gets a chance to do anything.

>So, 1. how can I detect the expired cert from a Java application client.

Unless you configure your own TrustManager, the client will throw an 
exception when you try to connect.

>      2. Can I detect the expired cert during the Tomcat startup?

Strangely, JSSE doesn't do this.  Of course, there is nothing stopping your 
app from reading the cert from the KeyStore and checking yourself ;-).

>Thank you.
