Hi, I did what you suggested, but I am still unable to obtain the result that I require.
Can anyone please tell me a way to dynamically change the truststore used? It doesn't have to be something related to AuthSSLProtocolSocketFactory. Any way to do it would be fine.

I need to:
1. Execute an HTTP get command.
2. Check the truststore for any valid certificates.
3. If the truststore doesn't have the valid certificate, obtain it from the end server and store it in the truststore.
4. Re-execute the HTTP get command. Have to make sure that the truststore used is the newly updated truststore.

I am able to do steps 1-3 successfully. But I am not able to re-execute the HTTP command again successfully, as it still only obtains certificates from the old truststore, not the new updated one.

BTW, thanks go out to Roland for helping me out.

Regards,
Dhanushka Amrakoon

-----Original Message-----
From: Roland Weber [mailto:[EMAIL PROTECTED]
Sent: Friday, June 29, 2007 10:49 PM
To: HttpClient User Discussion
Subject: Re: HTTPS Certification problem

Hello Dhanushka,

> while (retry <= retryCount) {
>
>     try {
>
>         Protocol authhttps = new Protocol("https",
>             new AuthSSLProtocolSocketFactory(
>                 new URL(
>
> "file:E:\\Dhanushka\\Connectors\\AptiloConnector_new\\my.keyStore"),

That is a really strange format for a URL. I would have used
file:///e:/Dhanushka/Connectors/AptiloConnector_new/my.keyStore
Anyway, if it works.

>                 "112233",
>                 new URL(
>
> "file:E:\\Dhanushka\\Connectors\\AptiloConnector_new\\my.keyStore"),
>                 "112233"), 443);
>         // httpclient.getHostConfiguration().setHost("localhost", 443,
> authhttps);
>         Protocol.registerProtocol("https", authhttps);

It is a rather bad idea to register the protocol in a loop. And it may not work as expected, depending on how the AuthSSLProtocolSocketFactory relates to SSL contexts. I can't tell you details, because I don't know them. But this _feels_ all wrong.

Use one single AuthSSLProtocolSocketFactory. Modify the code of that factory so you can update the key store at runtime. Test and debug until you are sure that the new key store content is picked up at runtime. Then verify that the initial key store is read from the file referenced above. Afterwards, verify that updates to the key store are written to that very file. And make sure that the writing succeeds and is not prevented by some spurious file locks because a file is not properly closed or some such interference.

good luck,
Roland

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
