setting ssl keystore at runtime in Jetty

Is it possible to change the keystore at runtime? Currently I am setting up SSL before I do a server.start():

// Fragment from the question, completed so it compiles: assumes `ks` is a
// loaded java.security.KeyStore and the org.eclipse.jetty.* imports are present.
Server server = new Server();
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStore(ks);               // server identity (private key + certificate)
sslContextFactory.setTrustStore(ks);
sslContextFactory.setTrustStorePassword(TRUSTSTORE_PASS);
sslContextFactory.setKeyStorePassword(KEYSTORE_PASS);
ServerConnector https = new ServerConnector(server, sslContextFactory);
server.addConnector(https);

server.start();

What I would like to do is create a certificate at runtime and use it. Basically I am creating a tool like Fiddler which creates certificates on the fly.

gauravphoenix asked May 23 '13 05:05



2 Answers

This has been fixed since Jetty 9.4.0, see https://github.com/eclipse/jetty.project/issues/918. You can now just override the Key/TrustStore etc. and call SslContextFactory.reload.

Note however there is a caveat with TLS session resumption: https://github.com/eclipse/jetty.project/issues/918#issuecomment-250791417. According to the comments, it shouldn't be an issue with common browsers, but who knows about IE, Mobile, non-browser clients, etc.

Ben Romberg answered Sep 22 '22 15:09
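As an added illustration of the reload this answer describes (not code from the question, the answer, or the Jetty project), the sketch below assumes a recent Jetty 9.4 release, a caller-supplied java.security.KeyStore holding the new identity (for instance one built from a certificate generated at runtime), and a hypothetical class name HotReloadTls:

```java
import java.security.KeyStore;

import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.util.ssl.SslContextFactory;

/** Hypothetical helper: start a TLS connector once, then swap its identity in place. */
public class HotReloadTls {
    private final Server server = new Server();
    private final SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();

    /** Initial start with the keystore available at boot (assumed to be loaded by the caller). */
    public void start(KeyStore initialKeyStore, String keyStorePassword, int port) throws Exception {
        sslContextFactory.setKeyStore(initialKeyStore);
        sslContextFactory.setKeyStorePassword(keyStorePassword);
        // Mitigation for the resumption caveat linked above: with no server-side
        // session cache, a client cannot resume a session that was negotiated
        // under the previous certificate, at the cost of full handshakes.
        sslContextFactory.setSessionCachingEnabled(false);

        ServerConnector https = new ServerConnector(server, sslContextFactory);
        https.setPort(port);
        server.addConnector(https);
        server.start();
    }

    /**
     * Replace the server certificate without restarting. reload(...) applies the
     * consumer to the factory and then rebuilds the SSLContext; connections that
     * are already open keep the old context, new handshakes get the new one.
     */
    public void rotate(KeyStore newKeyStore, String keyStorePassword) throws Exception {
        sslContextFactory.reload(factory -> {
            factory.setKeyStore(newKeyStore);
            factory.setKeyStorePassword(keyStorePassword);
        });
    }

    public void stop() throws Exception {
        server.stop();
    }
}
```

After rotate() returns, a fresh TLS handshake against the port (for example with a browser or a command-line TLS client) should present the new certificate, which is the check to run before relying on the swap.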


After posting this question on the Jetty mailing list, I got a response that it is not really feasible.

gauravphoenix answered Sep 21 '22 15:09