Thanks for replying.. below are the answers...
On Tue, Feb 27, 2018 at 4:23 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hassan,
>
> On 2/27/18 3:07 PM, Hassan Khan wrote:
> > I have a issue with system variables that are set to make a https
> > connection.
> Making an outgoing connection from a web application? Tomcat has zero
> control over those.
>
> > I am setting the following for each https request :
> > System.clearProperty("javax.net.ssl.keyStore");
> > System.clearProperty("javax.net.ssl.keyStorePassword");
> > System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
> > System.setProperty("javax.net.ssl.keyStore", "star.*.pfx");
> > System.setProperty("javax.net.ssl.keyStorePassword", "Pass");
>
> For each request? That's probably not going to work.
>
Making a request from the webapp to a Https endpoint.. It is a SOAP
request... The code successfully creates a TLSv1.2 connection.
>
> > The request is successful.
> >
> > The problem I face when the keystore file is changed by a user
> > through our UI, tomcat keeps using the old keystore and password.
> > Only when tomcat is restarted it gets the updated keystore file
> > path and password.
>
> Are you trying to change the keystore that Tomcat uses for *incoming*
> connections? If so, Tomcat only reinitializes the SSL engine
> (including all key material) when initially configured, or explicitly
> requested to reconfigure.
>
This keystore is what the web-app uses to connect to the Https Endpoint..
This is not a connector that tomcat is listening too.... It is part of the
web-app.
The webapp has a UI that takes the keystore path and password and uses it
to connect to the endpoint as above.
>
> > Not sure if it a java 8 issue or a tomcat 8.5 configuration that I
> > do not know about.
>
> It's important to know whether you are taking about connections *to
> Tomcat* or connections *from your application*. Which is it?
>
*from my application*
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlqVzFQACgkQHPApP6U8
> pFgZYg//es66n8d3+F6hh0I9H5DY+dpSLHcJEJOd4xijb6PVU8+HiO6CtZZsuwoN
> L2hZmuEBBMcsORuCvd09nRPmrKtAAo+5b+u9Psy0yCBuKVSq0O4JYQzBXmrV/Vh0
> r5ITDFf4o17pain5fM/X08e0MxXjiaHJ85DNp9I0cOC+b1lnvWQUJcxxk8f4BC4e
> gLOBIvXDLGZTa8UY2I8dWJTXBkWX2xCZOOOZuPlgyfCycztFPOVSbsVMxB7bZ/tH
> 0BlXtZBM8DT5ZAr86vwADohNF4DI8NGezIcWNOXNy4QR433qHa/0bDrRNrtwtYPR
> g44k4fJl6Auags5WKCyac0MYWEIOpVEFz9IGfrpjmJwEtQSxGoOS4gncL+JG8OkV
> S6hXFLUbIjqNgqEXoGcJBOt+PFOf+FtMz2/K7/a0/0uD+VyLa3gTVUCIaeW3i0X+
> jzqr/mxd61Mkp17LaCj6shUzv9v6HONpMm/+jGZNtdD5SWo5/cxO9miGRyrrroba
> L+pUY7PueCwwDN4DfScALP5nBnEHV3RR7uhP4Evpe1gLKB9SO1AiysvbZQ4pmSLs
> iqCMspc3L/i7095hSUSqZfw7l3zLa9qL4J4rR9OP9x3WRlh2DdM9SaWQL5h+SNAQ
> zaBKk0xdHR0lAKReTQiTViR1kRk/H119izzMcCnGOvJYKrn+n9E=
> =6Eep
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
--
Hassan Khan
