tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ronald Spiers" <>
Subject Re: Reloading keystore - how to register a new TrusStore Manager for Tomcat?
Date Mon, 11 Jun 2007 17:41:59 GMT
Hi Pulkit, assuming that I can create the trustManager, I am not sure
about how to register it with Tomcat, and if I need to implement more
interfaces, etc.

In short, I suspect other people already solved this problem, and
since it will be my first time, I am trying to obtain their feedback
and suggestions to avoid common pitfalls.

You are right, I already have a clue in the JSSE docs, but I am
looking for a little bit more advice - if possible.

And as Mark's reply pointed out, I may not be using the certificate
mechanism in the best way. That's also the kind of feedback I am
looking for.

Thans for your reply.

On 6/11/07, Pulkit Singhal <> wrote:
> Hello,
> I am not sure what you are asking for here. You say that you fond some
> instructions on "Creating Your Own X509TrustManager" ... thats good.
> 1) Given that you have these instructions, whats the issue at hand?
> Conceptually (and without even looking at any content other than the title)
> I would chime-in and say that it sounds like ... if you can create your own
> TrustManager then you most likely make dynamic additions to it.
> 2) Or may be you have yet to implement any such solution and are still
> lookign for pre-provided alternatives?
> There are always modules like EJBCA( that you
> might want to have a look at, I think it can be deployed on Tomcat.
> On 6/11/07, Ronald Spiers <> wrote:
> >
> > Hi, I am preparing a self enrollment webapp for generating client
> > certificates and adding them to the server keystore. I know that
> > Tomcat won't reload keystore unless the server is restarted, so I did
> > look for alternatives, and the JSSE guide explains an approach to this
> > in the section "Creating Your Own X509TrustManager".
> >
> > My question is: Does anybody in this list have some experience solving
> > this problem?, providing tomcat a custom trust manager to dynamically
> > add a client certificate to the verification path when client
> > credentials are presented?
> >
> > Can self-enrollment be done using Tomcat and JSSE? maybe it can't be
> > done I am just wasting my time ;) I have searched a lot in the last 3
> > days, tomcat list archives and other materials, I have not found a
> > single solution to this problem, except for the JSSE guide and this
> > article, that explains how to create a trustManager and a SSLContext
> > for implementing S/MIME with JavaMail:
> >
> > *
> >
> > Thanks a lot for any feedback you can provide.
> >
> > Regards,
> > Martin
> >
> > ---------------------------------------------------------------------
> > To start a new topic, e-mail:
> > To unsubscribe, e-mail:
> > For additional commands, e-mail:
> >
> >

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message