On Tuesday 17 June 2003 18:55, Marc Dugger wrote:
> I am attempting to change the certificate against which a webapp
> authenticates itself. I've gone as far as deleting the old key/cert
> from the keystore and imported a new one. However, the webapp
> continues to use the old cert. I've verified that the 'keystorefile'
> param on the SSL factory is defined correctly and restarted the
> server repeatedly. What else could I be missing?

Hi, Marc!

I once had a similar problem with a cert under Apache, and it turned out that I literally had to reboot the machine to get the new cert to be visible. Apparently libssl simply wouldn't let go of it.

I theorize that the problem was that libssl had the cert open, and therefore deleting/replacing the file didn't really delete the open filehandle (thus libssl was seeing the old cert). That's just theory, though - I never did find out for 100% certain. You can see a similar behaviour in your system logger if you 'rm /var/log/messages', for example - the syslogger is still writing to the old filehandle, and restarting the syslogger will solve the problem. Since one cannot restart libssl, this theory makes sense, assuming that libssl actually keeps an open filehandle on the cert.

--
----- stephan
The Guy With No Job Title
[EMAIL PROTECTED] - http://www.einsurance.de

Student: "Master, you must teach me the way of liberation!"
Master: "Tell me who it is that binds you."
Student: "No one binds me!"
Master: "Then why do you seek liberation?"
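
The open-filehandle behaviour this reply describes with the 'rm /var/log/messages' analogy, as an added example that is not part of the original thread. It shows the POSIX file semantics only and makes no claim about what libssl or the webapp actually does; the file name `server.pem` and the file contents are constructed.

```python
import os
import tempfile


def handle_is_stale(fh, path):
    """True if the open handle no longer refers to the file now at `path`."""
    held = os.fstat(fh.fileno())
    try:
        current = os.stat(path)
    except FileNotFoundError:
        return True  # name is gone, but the handle still pins the old inode
    return (held.st_dev, held.st_ino) != (current.st_dev, current.st_ino)


def demo():
    """Delete and recreate a constructed 'cert' file while a reader holds it open."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "server.pem")  # hypothetical file name
    with open(path, "w") as f:
        f.write("OLD-CERT (constructed sample)\n")

    reader = open(path)  # stands in for a long-running process
    fresh_before = not handle_is_stale(reader, path)

    os.unlink(path)  # the old file is deleted ...
    stale_after_delete = handle_is_stale(reader, path)
    with open(path, "w") as f:  # ... and a new one is written under the same name
        f.write("NEW-CERT (constructed sample)\n")

    seen_by_reader = reader.read()  # data of the unlinked inode, not the new file
    stale = handle_is_stale(reader, path)
    reader.close()

    with open(path) as f:  # only reopening by name picks up the new file
        seen_after_reopen = f.read()
    os.unlink(path)
    os.rmdir(workdir)
    return {
        "fresh_before": fresh_before,
        "stale_after_delete": stale_after_delete,
        "stale": stale,
        "seen_by_reader": seen_by_reader,
        "seen_after_reopen": seen_after_reopen,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Comparing the device and inode of a held descriptor against the current path is a quick way to confirm or rule out this theory for a given process before resorting to a reboot.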
