Embedded Tomcat - update/delete certificates without restarting

旧城冷巷雨未停 提交于 2019-12-11 17:59:53

问题


I am using embedded Tomcat and using SSLHostConfig to add SNI certificates when I create the connector. It works wonderfully.

I am also able to add certificates without restarting Tomcat using something like this:

SSLHostConfig sslHostConfig = new SSLHostConfig();
sslHostConfig2.setHostName(host);
sslHostConfig2.setCertificateFile(path);
connector.addSslHostConfig(sslHostConfig);

This also works perfectly.

Also, without restarting Tomcat, I can get a list of all the existing SSLHostConfig instances using this:

SSLHostConfig[] sslHostConfigs = connector.findSslHostConfigs();

However, I couldn't figure out how to update or delete an existing SSLHostConfig instance. Setting it to null in the array doesn't work. Also, replacing it in the array with a new SSLHostConfig instance doesn't work either.

Is there a way to delete or modify an SSLHostConfig instance without restarting Tomcat?

Thanks.


回答1:


To update an SSLHostConfig with a new certificate file (which was referenced when creating it originally), this works:

    Http11NioProtocol protocol (Http11NioProtocol)connector.getProtocolHandler();
    protocol.reloadSslHostConfig(host);

Of course this assumes that you are using the Http11NioProtocol as the protocol handler for your connector.



来源:https://stackoverflow.com/questions/57997242/embedded-tomcat-update-delete-certificates-without-restarting

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!