Thanks a lot for the explanation... You're right.. Appreciate it

On Tue, Feb 27, 2018 at 5:23 PM, Christopher Schultz <[email protected]> wrote:

> Hassan,
>
> On 2/27/18 5:04 PM, Hassan Khan wrote:
> > On Tue, Feb 27, 2018 at 4:23 PM, Christopher Schultz <[email protected]> wrote:
> > On 2/27/18 3:07 PM, Hassan Khan wrote:
> >>>> I have an issue with system variables that are set to make an
> >>>> https connection.
> > Making an outgoing connection from a web application? Tomcat has
> > zero control over those.
> >
> >>>> I am setting the following for each https request:
> >>>> System.clearProperty("javax.net.ssl.keyStore");
> >>>> System.clearProperty("javax.net.ssl.keyStorePassword");
> >>>> System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
> >>>> System.setProperty("javax.net.ssl.keyStore", "star.*.pfx");
> >>>> System.setProperty("javax.net.ssl.keyStorePassword",
> >>>> "Pass");
> >
> > For each request? That's probably not going to work.
> >
> >> Making a request from the webapp to a Https endpoint.. It is a
> >> SOAP request... The code successfully creates a TLSv1.2
> >> connection.
>
> Thanks for clarifying that. I'm marking this thread as off-topic
> because it doesn't really have anything to do with Tomcat at this
> point. That doesn't mean we can't still discuss it...
>
> Changing system properties during runtime often does not give the
> expected result. Usually, components that rely on system properties
> for configuration read those properties a single time and initialize
> themselves. Later changes to those properties generally have no effect.
>
> > Are you trying to change the keystore that Tomcat uses for
> > *incoming* connections? If so, Tomcat only reinitializes the SSL
> > engine (including all key material) when initially configured, or
> > explicitly requested to reconfigure.
> >
> >> This keystore is what the web-app uses to connect to the Https
> >> Endpoint.. This is not a connector that tomcat is listening
> >> to.... It is part of the web-app. The webapp has a UI that takes
> >> the keystore path and password and uses it to connect to the
> >> endpoint as above.
>
> You would be better-off explicitly-configuring the code that is making
> the connection, rather than changing system properties. What are you
> using to make the outgoing connection? HttpURLConnection? Apache
> httpclient? Something else? Any decent library should make it possible
> to configure it to use whatever keystore (and truststore) you'd like
> it to use for outgoing connections.
>
> -chris

--
Hassan Khan
