Hi,


We use the ACME protocol with Let's Encrypt to automatically and 
programmatically request and generate new server certificates for SSL in 
conjunction with an embedded Jetty 9 web server (the Jetty server is configured 
and started with our own code, not a file based configuration). We therefore 
generate a new KeyStore or can modify the existing KeyStore instance with the 
new certificate chain.



As such, every 85 days or so, we wish to programmatically either:



1. Change the KeyStore in the SSL configuration for the HTTPS ServerConnector (in SSLContextFactory or alike) if it is possible during runtime (but the existing SSLContext must somehow be refreshed - all this must be done when the ServerConnector is stopped and we would like to keep it running),

2. Restart the connector if it is possible after reconfiguration (avoiding potential stops in SSLServerSocket listener),

3. Remove and stop the existing connector, create the new connector, add it to the server and start it (the connector),

4. Use some kind of dynamic KeyManagerFactory?

5. Subclass SSLContextFactory or something like that...



How should we go about doing it the best way?

Is it even possible to do this without temporarily stopping the SSLServerSocket?



Best regards,

Chris
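One way to do option 1 (swap the KeyStore without stopping the connector), shown here as an added example that is not from the original post or from the Jetty project: it assumes Jetty 9.4, where SslContextFactory has a reload(Consumer) method that tears down and rebuilds its SSLContext in place, and that the renewed ACME chain is already loaded into a KeyStore; the checkKeyStore sanity check is a hypothetical helper added for illustration.

```java
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.ssl.SslContextFactory;

public final class CertificateRotation {
    // One SslContextFactory instance is shared by the connector and reloaded in place.
    private final SslContextFactory.Server ssl = new SslContextFactory.Server();

    /** Build the HTTPS connector once (programmatic configuration, no XML). */
    public ServerConnector httpsConnector(Server server, KeyStore initial, String password, int port) {
        ssl.setKeyStore(initial);
        ssl.setKeyStorePassword(password);
        HttpConfiguration https = new HttpConfiguration();
        https.addCustomizer(new SecureRequestCustomizer());
        ServerConnector connector = new ServerConnector(server,
                new SslConnectionFactory(ssl, "http/1.1"),
                new HttpConnectionFactory(https));
        connector.setPort(port);
        return connector;
    }

    /** Swap in the renewed chain. reload() unloads the SSLContext, applies the consumer and
     *  rebuilds it: new handshakes use the new chain, existing TLS sessions are left alone,
     *  and the listening socket is never closed. */
    public void rotate(KeyStore renewed, String password) throws Exception {
        checkKeyStore(renewed, password); // refuse a broken keystore before touching the connector
        ssl.reload(f -> {
            f.setKeyStore(renewed);
            f.setKeyStorePassword(password);
        });
    }

    /** Hypothetical check: the keystore must hold a private key with a currently valid leaf. */
    static void checkKeyStore(KeyStore ks, String password) throws Exception {
        for (Enumeration<String> aliases = ks.aliases(); aliases.hasMoreElements();) {
            String alias = aliases.nextElement();
            if (!ks.isKeyEntry(alias) || ks.getKey(alias, password.toCharArray()) == null) continue;
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null || chain.length == 0) continue;
            ((X509Certificate) chain[0]).checkValidity(); // throws if expired or not yet valid
            return;
        }
        throw new IllegalStateException("keystore contains no usable key entry");
    }
}
```

If rotate() throws inside the consumer, reload() leaves the factory unloaded, so callers should catch the exception and fall back to the previous KeyStore rather than leave the connector without an SSLContext.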
_______________________________________________
jetty-users mailing list
[email protected]
To change your delivery options, retrieve your password, or unsubscribe from 
this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users