
List:       activemq-users
Subject:    add new ssl certificates at run-time
From:       "matteo rulli" <matteo.rulli () abodata ! com>
Date:       2012-02-21 7:40:19
Message-ID: 001d01ccf06c$0fd47da0$2f7d78e0$ () rulli () abodata ! com


Dear all,

We dynamically load new client certs in our (server side) amq truststores
but the broker does not reload credentials. The procedure we use to insert
new certs in ts is ok, since it is the same we successfully use with apache
cxf. I found this thread on nabble:

 

http://activemq.2283324.n4.nabble.com/Dynamic-SSL-certs-td4320452.html

 

It is the very same issue I'm having but the answer is not so encouraging.
Could someone please elaborate a little bit more on that? I tried playing
around with SslContext like this:

 

    KeyManagerFactory kmf =
        KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    KeyStore ks = KeyStore.getInstance("jks");
    KeyManager[] keystoreManagers = null;

    ks.load(new FileInputStream(new File(broker_ks_file)), keystorepswd.toCharArray());
    kmf.init(ks, keystorepswd.toCharArray());
    keystoreManagers = kmf.getKeyManagers();

    TrustManager[] trustStoreManagers = new TrustManager[] {
        new ReloadableX509TrustManager(broker_ts_file, trustorepswd)};

    SslContext context = new SslContext(keystoreManagers, trustStoreManagers, null);
    broker.setSslContext(context);

 

where ReloadableX509TrustManager is as explained in

http://jcalcote.wordpress.com/2010/06/22/managing-a-dynamic-java-trust-store/

 

But I cannot get it working.

 

Many thanks.

 

Matteo

 


