Ssl

Tomcat 可以在不重新啟動的情況下重新載入其 SSL 證書嗎?

  • September 26, 2020

我有一個後台程序,可以更新 Tomcat 用於其 SSL 憑據的密鑰庫。我希望能夠讓 Tomcat 自動重新載入,而無需手動重啟。

是否可以讓 Tomcat 在不重新啟動的情況下重新載入它,或者是否可以通過程式方式來代替它?

儘管您的後台程序可以自動重新啟動tomcat,但我不相信有辦法自動執行此操作。密鑰庫僅在 jvm 初始化時被讀取一次。如果您要編寫自己的處理程序來定期重新檢查密鑰庫,那麼可能會有一個解決方案,但我個人在 Internet 上沒有找到任何這樣的範例。

您可以在更改 jssecacert 文件後重新啟動單個 Tomcat 連接器,即可以像 8443 一樣重新啟動埠。

這是我在添加/刪除證書後用來重新啟動 tomcat 連接器的完整程式碼/方法。

// Stop and restart the SSL connection so that the tomcat server will
// re-read the certificates from the truststore file.
public void refreshTrustStore() throws Exception 
{
   try 
   {
       //following line should be replaced based on where you get your port number. You may pass in as argument to this method
       String httpsPort = configurationManager.getHttpsPort();
       String objectString = "*:type=Connector,port=" + httpsPort + ",*";

       final ObjectName objectNameQuery = new ObjectName(objectString); 

       for (final MBeanServer server: MBeanServerFactory.findMBeanServer(null))
       {
           if (!server.queryNames(objectNameQuery, null).isEmpty())
           {
               MBeanServer mbeanServer = server;
               ObjectName objectName = (ObjectName) server.queryNames(objectNameQuery, null).toArray()[0];

               mbeanServer.invoke(objectName, "stop", null, null);

               // Polling sleep to reduce delay to safe minimum.
               // Use currentTimeMillis() over nanoTime() to avoid issues
               // with migrating threads across sleep() calls.
               long start = System.currentTimeMillis();
               // Maximum of 6 seconds, 3x time required on an idle system.
               long max_duration = 6000L;
               long duration = 0L;
               do
               {
                   try
                   {
                       Thread.sleep(100);
                   }
                   catch (InterruptedException e)
                   {
                       Thread.currentThread().interrupt();
                   }

                   duration = (System.currentTimeMillis() - start);
               } while (duration < max_duration &&
                       server.queryNames(objectNameQuery, null).size() > 0);

               // Use below to get more accurate metrics.
               String message = "TrustStoreManager TrustStore Stop: took " + duration + "milliseconds";
               logger.information(message);

               mbeanServer.invoke(objectName, "start", null, null);

               break;
           }
       }
   } 
   catch (Exception exception) 
   {
       // Log and throw exception
           throw exception
   }
}

引用自:https://serverfault.com/questions/328533