2011/11/10 Shawn Deer <shawn.d...@entrust.com>:
> I have a setup in which an instance of Tomcat 6 is running on a given
> machine, and another application on the same machine generates or updates the
> SSL credentials that Tomcat should present. The credentials are not in JKS
> format, and so currently I'm exporting them to PKCS#12 and writing them out
> to a location previously specified in server.xml. The problem is that since
> Tomcat only seems to load its credentials at startup, the only way to get the
> new SSL certificate to be used is to restart Tomcat.
>
> Is there a programmatic way to change Tomcat's keystore
> dynamically so that when I want to update the SSL credentials, I can do so
> without having to restart the service? I looked at the HTTP11Connector
> class, and possibly wrapping/replacing that in my setup, but I couldn't see
> anything that would allow me to override the current keystore. Even if I
> could just override the certificate/key used, that'd be fantastic.

It might be worth trying to stop and then start a connector, e.g. through JMX.
You may try with jconsole first without any programming. (I do not remember
whether they are restartable, but it is worth trying).

JMX support is better in Tomcat 7, up to allowing you to create and configure
Tomcat components through JMX.

Also IIRC there might be some hooks in the connector, like using a custom key
store provider. YMMV

Best regards,
Konstantin Kolinko
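
Added example, not part of the original thread and not Tomcat project code: a small JMX client that performs the connector stop/start suggested in the reply. It assumes Tomcat exposes remote JMX on 127.0.0.1:9010 (a constructed value), that the HTTPS connector listens on 8443, and that the connector MBean is registered as `Catalina:type=Connector,port=8443` with `stop` and `start` operations; whether the restart re-reads the keystore on your Tomcat version has to be checked, as the reply says.

```java
import javax.management.MBeanServerConnection;
import javax.management.ObjectName;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXServiceURL;

public class RestartSslConnector {
    public static void main(String[] args) throws Exception {
        // Assumed defaults: JMX bound to loopback only, HTTPS connector on 8443.
        String jmxUrl = args.length > 0 ? args[0]
                : "service:jmx:rmi:///jndi/rmi://127.0.0.1:9010/jmxrmi";
        String port = args.length > 1 ? args[1] : "8443";

        JMXConnector jmxc = JMXConnectorFactory.connect(new JMXServiceURL(jmxUrl));
        try {
            MBeanServerConnection mbsc = jmxc.getMBeanServerConnection();

            // Assumed MBean name; "Catalina" is the default domain of a
            // standalone Tomcat and differs if the Engine was renamed.
            ObjectName connector =
                    new ObjectName("Catalina:type=Connector,port=" + port);
            if (!mbsc.isRegistered(connector)) {
                throw new IllegalStateException("No such MBean: " + connector);
            }

            // Stop the connector, then start it again so that it sets up
            // its SSL configuration anew. The new PKCS#12 file must be
            // completely written before this point.
            mbsc.invoke(connector, "stop", null, null);
            System.out.println("Stopped " + connector);
            try {
                mbsc.invoke(connector, "start", null, null);
                System.out.println("Started " + connector);
            } catch (Exception e) {
                // A failed start leaves the HTTPS port closed: report it
                // loudly so the operator can fall back to a full restart.
                System.err.println("Connector did not restart: " + e);
                throw e;
            }
        } finally {
            jmxc.close();
        }
    }
}
```

After running it, check which certificate the port actually presents before treating the rotation as done. A JMX port that accepts connector operations should stay bound to loopback or require authentication.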