-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Edward,
On 10/11/2011 9:21 AM, Edward Quick wrote: > I have an ssl handshake issue with an application running on > tomcat that talks to an ssl site. This site renewed their ssl > certificate recently, however it was signed with the G5 and G3 > intermediate verisign CA certificates which are imported into the > java truststore that my tomcat uses. > > If I run a short java program from the command line to connect to > the site using tomcat's truststore it works fine. I'm just > wondering if tomcat needs a restart to pick the new certificate up > from this site? Or is there an mbean operation I can invoke to > clear this out? Obviously I'm speculating, but I'm a bit stuck on > this and as it's running a live service, it's not easy to restart. So, if the service is restarted, you're confident that the handshake will work? If that's the case, I believe a Tomcat restart is your only option at this point. Another option would be to manage your own trust store for your outgoing communications instead of relying on Tomcat's trust store. Of course, that requires you to modify your webapp which might not be terribly convenient. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6UYPUACgkQ9CaO5/Lv0PAGsgCfc9ORPVz7v9GlwhQZFRhVJZRr jhoAn1r/Sl+KR57wfi8UwRTjkOMD5TTQ =9b/8 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
