-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Lau,
Marking OT because this is not a Tomcat question: it's either http-components or Java-in-general. On 12/17/11 2:34 AM, Lau Eng Huat wrote: > The question that I have now is how to get it to work with apache > httpclient components. Have you tried the apache-commons mailing list? > I found that the SSLSocketFactory has 4 constructor class of > interest. They are > > [snip: list of constructors] > > Which one should I used and the pro and cons of using this ? If I > used item 2 method, which one is tomcathost.jks and trust.jks in > the first parameter and 3rd parameter. The "trust store" is always the keystore that contains the certificates to be trusted. That means that the "trust store" needs to contain the certificate from your remote web server. If the certificate was signed by a globally-trusted certificate authority (CA) such as VeriSign, Thawte, etc. then you probably don't need to go through any of this. Is this a self-signed cert? > The other question is how to load certificates dynamically in java, > how do I achieved this ? You will have to work this out for yourself. Perhaps you can do periodic re-loading of a keystore? - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7vw2cACgkQ9CaO5/Lv0PDreACgu9NyYUx27OX/IwPoQVa6FUm3 ZJAAn2v3Vy8H1ZjpYm2sbuFsei9T/OEn =/rrO -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
