Re: Tomcat 8.5.X reading cached keystore and password system SSL configurations

Tue, 27 Feb 2018 13:23:51 -0800 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hassan,

On 2/27/18 3:07 PM, Hassan Khan wrote:
> I have a issue with system variables that are set to make a https 
> connection.
Making an outgoing connection from a web application? Tomcat has zero
control over those.

> I am setting the following for each https request : 
> System.clearProperty("javax.net.ssl.keyStore"); 
> System.clearProperty("javax.net.ssl.keyStorePassword"); 
> System.setProperty("javax.net.ssl.keyStoreType", "PKCS12"); 
> System.setProperty("javax.net.ssl.keyStore", "star.*.pfx"); 
> System.setProperty("javax.net.ssl.keyStorePassword", "Pass");

For each request? That's probably not going to work.

> The request is successful.
> 
> The problem I face when the keystore file is changed by a user
> through our UI, tomcat keeps using the old keystore and password.
> Only when tomcat is restarted it gets the updated keystore file
> path and password.

Are you trying to change the keystore that Tomcat uses for *incoming*
connections? If so, Tomcat only reinitializes the SSL engine
(including all key material) when initially configured, or explicitly
requested to reconfigure.

> Not sure if it a java 8 issue or a tomcat 8.5 configuration that I
> do not know about.

It's important to know whether you are taking about connections *to
Tomcat* or connections *from your application*. Which is it?

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlqVzFQACgkQHPApP6U8
pFgZYg//es66n8d3+F6hh0I9H5DY+dpSLHcJEJOd4xijb6PVU8+HiO6CtZZsuwoN
L2hZmuEBBMcsORuCvd09nRPmrKtAAo+5b+u9Psy0yCBuKVSq0O4JYQzBXmrV/Vh0
r5ITDFf4o17pain5fM/X08e0MxXjiaHJ85DNp9I0cOC+b1lnvWQUJcxxk8f4BC4e
gLOBIvXDLGZTa8UY2I8dWJTXBkWX2xCZOOOZuPlgyfCycztFPOVSbsVMxB7bZ/tH
0BlXtZBM8DT5ZAr86vwADohNF4DI8NGezIcWNOXNy4QR433qHa/0bDrRNrtwtYPR
g44k4fJl6Auags5WKCyac0MYWEIOpVEFz9IGfrpjmJwEtQSxGoOS4gncL+JG8OkV
S6hXFLUbIjqNgqEXoGcJBOt+PFOf+FtMz2/K7/a0/0uD+VyLa3gTVUCIaeW3i0X+
jzqr/mxd61Mkp17LaCj6shUzv9v6HONpMm/+jGZNtdD5SWo5/cxO9miGRyrrroba
L+pUY7PueCwwDN4DfScALP5nBnEHV3RR7uhP4Evpe1gLKB9SO1AiysvbZQ4pmSLs
iqCMspc3L/i7095hSUSqZfw7l3zLa9qL4J4rR9OP9x3WRlh2DdM9SaWQL5h+SNAQ
zaBKk0xdHR0lAKReTQiTViR1kRk/H119izzMcCnGOvJYKrn+n9E=
=6Eep
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to