2 Replies Latest reply on Jul 27, 2012 8:32 AM by mchenderson

    Change Client SSL Certificate Without Restarting JVM?

    mchenderson

      My client needs to connect to a JBoss server using different credentials at different times. I have a customised SSLSocketBuilder that successfully loads different keystores at the appropriate times. When changing client SSL certificate, I am successfully closing down all current SSL connections. Nevertheless, on making new SSL connections and listening for the handshake complete event, it is clear that the local SSL certificate used for the handshake is not changing.

      Is there something about the implementation of SSL sockets in JBoss preventing the change in local SSL certificate from taking place?

      If so, is there a way to force the change?

      I am using JBoss 4.2.3.

      Thanks in advance,

      Michelle.

        • 1. Re: Change Client SSL Certificate Without Restarting JVM?
          ron_sigal

          Hi Michelle,

          It sounds like you're doing the right thing. When you create a new connection, org.jboss.remoting.AbstractInvoker.createSocketFactory() should call SSLSocketBuilder to get a new socket factory, and the new socket factory should be created with the new keystore. Hmmm.

          How is your client configured? Have you looked at AbstractInvoker.createSocketFactory() to verify that the new socket factory is, in fact, being created by your SSLSocketBuilder?

          -Ron

          • 2. Re: Change Client SSL Certificate Without Restarting JVM?
            mchenderson

            Hi Ron,

            Thank you for your reply.

            We have found a solution to this problem that meets our needs. In our customised SSLSocketBuilder, every time that we change the client SSL certificate we invoke createSocketFactorySSLContext followed by initialiseSocketFactorySSLContext. We also set useSSLSocketFactory to false so that it is our own customised socket factory that gets instantiated.

            Best regards,

            Michelle.
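The mechanism behind Michelle's fix, shown in plain JSSE as an added example (this is not code from the thread and not JBoss Remoting's SSLSocketBuilder): an SSLSocketFactory is bound to the SSLContext it was created from, so closing existing sockets changes nothing; the client certificate only changes once a new KeyManager, SSLContext and factory are built, which is what the createSocketFactorySSLContext / initialiseSocketFactorySSLContext steps in the custom builder amount to. The keystore file names, passwords, host and port below are placeholders, and the HandshakeCompletedListener reports which certificate the client actually presented so the switch can be verified rather than assumed.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/**
 * Added example (not from the thread or from JBoss Remoting): rebuilds the
 * SSLContext, and therefore the SSLSocketFactory, every time the client
 * identity changes. A factory built once at startup keeps presenting the
 * certificate from the keystore it was initialised with, no matter how many
 * sockets are closed. Keystore paths and passwords are assumed placeholders.
 */
public class ClientCertSwitcher {

    private final String trustStorePath;
    private final char[] trustStorePassword;
    private volatile SSLSocketFactory currentFactory;

    public ClientCertSwitcher(String trustStorePath, char[] trustStorePassword) {
        this.trustStorePath = trustStorePath;
        this.trustStorePassword = trustStorePassword;
    }

    /** Load a client keystore, build a fresh SSLContext from it and replace the factory. */
    public synchronized void switchIdentity(String keyStorePath, char[] keyStorePassword)
            throws IOException, GeneralSecurityException {
        KeyStore ks = loadKeyStore(keyStorePath, keyStorePassword);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyStorePassword);

        KeyStore ts = loadKeyStore(trustStorePath, trustStorePassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        // The old factory still holds the old context and the old certificate;
        // only sockets created from this new factory will present the new one.
        currentFactory = ctx.getSocketFactory();
    }

    /** Open a client socket with the current identity and report the certificate actually sent. */
    public SSLSocket connect(String host, int port) throws IOException {
        SSLSocketFactory f = currentFactory;
        if (f == null) {
            throw new IllegalStateException("switchIdentity() has not been called yet");
        }
        SSLSocket s = (SSLSocket) f.createSocket(host, port);
        s.setUseClientMode(true);
        s.addHandshakeCompletedListener(new HandshakeCompletedListener() {
            public void handshakeCompleted(HandshakeCompletedEvent e) {
                // Null when the server did not ask for, or the client did not send, a certificate.
                Certificate[] local = e.getLocalCertificates();
                if (local != null && local.length > 0 && local[0] instanceof X509Certificate) {
                    System.out.println("client presented: "
                            + ((X509Certificate) local[0]).getSubjectX500Principal());
                } else {
                    System.out.println("no client certificate was presented");
                }
            }
        });
        s.startHandshake();
        return s;
    }

    private static KeyStore loadKeyStore(String path, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(path);
        try {
            ks.load(in, password);
        } finally {
            in.close();
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder file names and password; the server endpoint is assumed too.
        ClientCertSwitcher sw = new ClientCertSwitcher("truststore.jks", "changeit".toCharArray());
        sw.switchIdentity("client-a.jks", "changeit".toCharArray());
        sw.connect("localhost", 8443).close();
        sw.switchIdentity("client-b.jks", "changeit".toCharArray());
        sw.connect("localhost", 8443).close();   // listener should now print client-b's subject
    }
}
```

The listener's getLocalCertificates() check is the useful diagnostic here: if it still prints the first subject after a switch, the connection is being created from a factory (or a cached SSLContext) that predates the switch, which is exactly the symptom described at the top of the thread.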