Hassan,

On 2/27/18 5:04 PM, Hassan Khan wrote:
> On Tue, Feb 27, 2018 at 4:23 PM, Christopher Schultz <[email protected]> wrote:
> On 2/27/18 3:07 PM, Hassan Khan wrote:
>>>> I have an issue with system variables that are set to make a
>>>> https connection.
> Making an outgoing connection from a web application? Tomcat has
> zero control over those.
>
>>>> I am setting the following for each https request :
>>>> System.clearProperty("javax.net.ssl.keyStore");
>>>> System.clearProperty("javax.net.ssl.keyStorePassword");
>>>> System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
>>>> System.setProperty("javax.net.ssl.keyStore", "star.*.pfx");
>>>> System.setProperty("javax.net.ssl.keyStorePassword", "Pass");
>
> For each request? That's probably not going to work.
>
>> Making a request from the webapp to a Https endpoint.. It is a
>> SOAP request... The code successfully creates a TLSv1.2
>> connection.

Thanks for clarifying that. I'm marking this thread as off-topic because it doesn't really have anything to do with Tomcat at this point. That doesn't mean we can't still discuss it...

Changing system properties during runtime often does not give the expected result. Usually, components that rely on system properties for configuration read those properties a single time and initialize themselves. Later changes to those properties generally have no effect.

> Are you trying to change the keystore that Tomcat uses for
> *incoming* connections? If so, Tomcat only reinitializes the SSL
> engine (including all key material) when initially configured, or
> explicitly requested to reconfigure.
>
>> This keystore is what the web-app uses to connect to the Https
>> Endpoint.. This is not a connector that tomcat is listening
>> to.... It is part of the web-app. The webapp has a UI that takes
>> the keystore path and password and uses it to connect to the
>> endpoint as above.

You would be better-off explicitly-configuring the code that is making the connection, rather than changing system properties.

What are you using to make the outgoing connection? HttpURLConnection? Apache httpclient? Something else? Any decent library should make it possible to configure it to use whatever keystore (and truststore) you'd like it to use for outgoing connections.

-chris
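
An added example, not part of the original message: one way to give a single outgoing connection its own PKCS12 client keystore instead of setting the `javax.net.ssl.*` system properties. It assumes `HttpsURLConnection` is the client in use; the class name `PerConnectionKeystore`, the `contextFor` helper and the command-line arguments are hypothetical.

```java
import java.io.Console;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

// Hypothetical class for illustration; names are not from the thread.
public class PerConnectionKeystore {
    // Build an SSLContext whose client key material comes from one PKCS12 file.
    // No JVM-wide state is changed, so concurrent requests can use different keystores.
    static SSLContext contextFor(String pkcs12Path, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(pkcs12Path))) {
            ks.load(in, password);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // null trust managers and null SecureRandom: keep the JVM's default truststore and RNG.
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    // Usage: java PerConnectionKeystore <keystore.pfx> <https-url>
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (console == null) throw new IllegalStateException("run from a terminal");
        char[] password = console.readPassword("Keystore password: ");
        try {
            SSLContext ctx = contextFor(args[0], password);
            HttpsURLConnection conn = (HttpsURLConnection) new URL(args[1]).openConnection();
            // The socket factory is set on this connection only, not as the JVM default.
            conn.setSSLSocketFactory(ctx.getSocketFactory());
            System.out.println("HTTP status: " + conn.getResponseCode());
            conn.disconnect();
        } finally {
            Arrays.fill(password, '\0'); // clear the password from memory once the context is built
        }
    }
}
```

In a web application the `SSLContext` for each configured keystore can be built once and cached, since it is safe to share across threads.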
