Hi,
I agree with Glen to have keystore/Truststore outside the war. Usually
containers come with their own default keystore/truststore. For testing
and development purposes, the keystore configurations are complete.
However, for production environments, you may want to create a secure
environment where ONLY your installations trust each other. WSS4J takes
custom crypto configurations for Alias, Keystore location, TrustStore
location, type of store using properties files.
With Regards,
Mayank
Mark2008 wrote:
I am looking at the online tutorials on how to use Encryption / Signature to
secure CXF web service.
The examples package the keystore / truststore into the web war file and
deploy to some web container.
My question is, after the cxf/webservice application has been deployed to a
production environment, how do we import the client certificate and update
the truststore for any new client without shutting down the web server?
What's the best practice on this?
Thanks,
Mark
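
As an added illustration of the properties-file configuration mentioned in the reply (not taken from either poster or from the CXF/WSS4J tutorials), a Merlin crypto properties file that points at stores kept outside the war could look like the following. It assumes the WSS4J 1.6-or-later property names; every path, alias and password is a constructed placeholder.

```properties
# Added example: WSS4J Merlin crypto configuration with the key material
# kept on the filesystem instead of inside the war.
# Assumes WSS4J 1.6+ property names. All paths, aliases and passwords
# below are placeholders, not values from this thread.

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin

# --- Packaged-in-war form used by the tutorials (shown for contrast) ---
# A bare relative name is resolved from the classpath, i.e. from
# WEB-INF/classes inside the deployed war, so changing the store means
# rebuilding and redeploying the application:
# org.apache.ws.security.crypto.merlin.keystore.file=serviceKeystore.jks

# --- External form ---
# A location that is not found on the classpath is opened as a file
# path, so the store can be managed independently of the application.

# Keystore: holds this service's own private key and certificate.
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.file=/etc/myapp/security/service-keystore.jks
org.apache.ws.security.crypto.merlin.keystore.password=CHANGE_ME_KEYSTORE
org.apache.ws.security.crypto.merlin.keystore.alias=service-key

# Truststore: holds only the client certificates (or the issuing CA)
# that this installation should accept, rather than a container or JRE
# default store that trusts many public CAs.
org.apache.ws.security.crypto.merlin.truststore.type=jks
org.apache.ws.security.crypto.merlin.truststore.file=/etc/myapp/security/service-truststore.jks
org.apache.ws.security.crypto.merlin.truststore.password=CHANGE_ME_TRUSTSTORE

# The passwords are stored in clear text here, so this file and both
# stores should be readable only by the account the container runs as.
```

Keeping the stores outside the war removes the need to rebuild the application when a client certificate is added; whether a running service picks up the change without a restart depends on when the crypto instance loads the store, which this fragment does not control.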