I assume you use Axis2 as a web service client. I think a better solution for you would be to use a custom SSL Socket factory to handle your scenario. You can find more information on how to implement and use a custom SSL Socket factory here [1]. You can also raise the question in the commons http client list too.

thanks,
nandana

[1] - http://hc.apache.org/httpclient-3.x/sslguide.html

On Thu, Jan 29, 2009 at 1:56 PM, Sebastian Van Sande <[email protected]> wrote:

> Hi,
>
> Thanks for your reply, Yves Marie!
>
> Unfortunately, restarting the application is something we don't want since
> this application will run 24/7 in a production environment.
>
> I'm looking for a way to let Axis2 know to reload the keystore file, at
> runtime without restarting my application.
> I know *when* it has to reload the keystore file, I just don't know *how*
> to do this in code.
>
> If anyone knows how to let Axis2 reload the keystore file, let me know!
>
> Kind regards,
> Sebastian
>
> On Thu, Jan 29, 2009 at 9:11 AM, DANIEL, Yves Marie <[email protected]> wrote:
>
>> Hi!
>>
>> With a Jonas application server and a mutual authentication with SSL, we
>> find that we had to restart Jonas so it could see the changes of path
>> or content for keystores. It seems to be the same with Tomcat, don't know if
>> it is Axis2 or the application server.
>>
>> Yves-Marie
>>
>> ------------------------------
>> *From:* Sebastian Van Sande [mailto:[email protected]]
>> *Sent:* Thursday, 29 January 2009 08:07
>> *To:* [email protected]
>> *Subject:* Re: Reload keystore file
>>
>> Does anyone have a clue how I can refresh the keystore in axis2?
>> Thank you.
>>
>> On Wed, Jan 28, 2009 at 10:56 AM, Sebastian Van Sande <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> I have a problem with Axis2.
>>>
>>> At my project, we have a Microsoft Exchange 2007, and some other project
>>> has created an API to interact with this Exchange server with the help of
>>> Axis2.
>>> This other project uses a WebSphere server to manage a keystore to do
>>> basic authentication over SSL.
>>> My application on the other hand runs as a standalone application, and I
>>> have to manage the keystore myself.
>>>
>>> Now, I managed to use this keystore to call the Exchange 2007 Web
>>> services over SSL, and it works great.
>>> But, as you probably know, certificates expire ... and they have to get
>>> renewed.
>>>
>>> So, I managed to create something, a 'KeyStoreManager', that will fetch the
>>> new certificates from the Exchange server and put it in the keystore file.
>>> And this works great as well .. *IF* I restart my application.
>>>
>>> When my application modifies the keystore file, it looks like Axis2 is
>>> using some caching mechanism. Because when I make the web service call again
>>> (after inserting the new certificate in my keystore), it can't authenticate
>>> because it cached the keystore file in memory.
>>>
>>> To specify the keystore to Axis2, I use this code:
>>>
>>>     System.setProperty("javax.net.ssl.trustStore",
>>>             "/path/to/keystore.jks");
>>>     System.setProperty("javax.net.ssl.trustStorePassword",
>>>             "thisisnottherealpassword");
>>>
>>> To extract the new certificate and add it to my keystore, I use code
>>> based on the one you can find at
>>> http://helpdesk.objects.com.au/java/how-do-i-programatically-extract-a-certificate-from-a-site-and-add-it-to-my-keystore
>>>
>>> The problem is: when the keystore file is updated with the new
>>> certificate, axis2 doesn't seem to know about it because it uses a cached
>>> version of the keystore file.
>>>
>>> So my question is: how can I clear this axis2 keystore cache in some way
>>> so axis2 will be forced to read the keystore file again?
>>>
>>> Thank you for your help,
>>>
>>> Kind regards,
>>> Sebastian
>>
>> This message contains information that may be privileged or confidential and
>> is the property of the Capgemini Group. It is
>> intended only for the person to whom it is addressed. If you are not the
>> intended recipient, you are not authorized to
>> read, print, retain, copy, disseminate, distribute, or use this message or
>> any part thereof. If you receive this message
>> in error, please notify the sender immediately and delete all copies of this
>> message.

--
Nandana Mihindukulasooriya
WSO2 inc.
http://nandana83.blogspot.com/
http://www.wso2.org
