Hi Pulkit, assuming that I can create the trustManager, I am not sure about how to register it with Tomcat, and if I need to implement more interfaces, etc.
In short, I suspect other people already solved this problem, and since it will be my first time, I am trying to obtain their feedback and suggestions to avoid common pitfalls. You are right, I already have a clue in the JSSE docs, but I am looking for a little bit more advice - if possible. And as Mark's reply pointed out, I may not be using the certificate mechanism in the best way. That's also the kind of feedback I am looking for. Thans for your reply. On 6/11/07, Pulkit Singhal <[EMAIL PROTECTED]> wrote:
Hello, I am not sure what you are asking for here. You say that you fond some instructions on "Creating Your Own X509TrustManager" ... thats good. 1) Given that you have these instructions, whats the issue at hand? Conceptually (and without even looking at any content other than the title) I would chime-in and say that it sounds like ... if you can create your own TrustManager then you most likely make dynamic additions to it. 2) Or may be you have yet to implement any such solution and are still lookign for pre-provided alternatives? There are always modules like EJBCA(http://ejbca.sourceforge.net/) that you might want to have a look at, I think it can be deployed on Tomcat. On 6/11/07, Ronald Spiers <[EMAIL PROTECTED]> wrote: > > Hi, I am preparing a self enrollment webapp for generating client > certificates and adding them to the server keystore. I know that > Tomcat won't reload keystore unless the server is restarted, so I did > look for alternatives, and the JSSE guide explains an approach to this > in the section "Creating Your Own X509TrustManager". > > My question is: Does anybody in this list have some experience solving > this problem?, providing tomcat a custom trust manager to dynamically > add a client certificate to the verification path when client > credentials are presented? > > Can self-enrollment be done using Tomcat and JSSE? maybe it can't be > done I am just wasting my time ;) I have searched a lot in the last 3 > days, tomcat list archives and other materials, I have not found a > single solution to this problem, except for the JSSE guide and this > article, that explains how to create a trustManager and a SSLContext > for implementing S/MIME with JavaMail: > > * http://www.javaworld.com/javatips/jw-javatip115.html > > Thanks a lot for any feedback you can provide. > > Regards, > Martin > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
--------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
