Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Reload Java cacerts without restarting JVM

Status
Not open for further replies.
Gary2308

Gary2308

Programmer
Sep 8, 2014
3
EU
We have a product that uses multiple servers, each using a java based control program. We need to add the SSL cert from each of these servers to the cacerts stores on a central control server. The problem is we need to do this without having to restart the JVM each time.

I've been looking for a solution for a few weeks but haven't found anything, is it possible to reload the cacert file without restarting the JVM?

I don't think it is, but want to be certain before I tell marketing the one thing they really really want can't be done....
 
Sort by date Sort by votes
I don't think you can do that unless you write your own security manager.

And this is for a good security reason: dinamycally added certs is an important security flaw. Anyway, how often do you update your certs?

Cheers,
Dian
 
Upvote 0 Downvote
Thats the big question. I thought the use case for this would be that it was something the customer didn't do very often, maybe once when a cluster was initially configured. But marketing found another use case where it would happen a lot more frequently - hence the issue being raised.

I've seen a few references to writing a security manager, overriding the TrustManager, but our system is built on Rest-restlett and I can see how I would do that in our architecture.
 
Upvote 0 Downvote
You would replace it so the JVM uses the new TrustManager, no matter what application is running. Anyway, I still can't see the case where the certs are so often changed. In most cases, certs are delivered offline to maintain security and its strength is mostly based on its stability.

Cheers,
Dian
 
Upvote 0 Downvote
How do you replace the JVM trustmanager?

The reason we need to add certs so often is that there is a centrol control server that talks to clients in a cluster via SSL/HTTPS. Each time a new client is added to the cluster (a cluster could have up to 100 clients added over a period of time) the client certificate needs to be added to the trust store, and each time that happens we would need to reload. The client cert is placed in the server via sftp.
 
Upvote 0 Downvote
Why don't just adding all the certs? I've never replaced it, but should be something like this

Cheers,
Dian
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

soni21
  • Locked
  • Question
Best Practices for Exception Handling in Java
Replies
0
Views
196
soni21
soni21
Rienes
  • Locked
  • Question
How to learn Java
Replies
3
Views
219
Rienes
Rienes
Makumbi256
  • Locked
  • Question
how can i convert this code to javascript
Replies
1
Views
207
xwb
xwb
R-MacDonald
  • Locked
  • Question
How to order Software on Java?
Replies
3
Views
302
JacquelineReeser
JacquelineReeser
Michelle Cammack
  • Locked
  • Question
Need help with java code
Replies
2
Views
209
SamBones
SamBones

Part and Inventory Search

Sponsor

Back
Top