Ssl
Tomcat 可以在不重新啟動的情況下重新載入其 SSL 證書嗎?
我有一個後台程序,可以更新 Tomcat 用於其 SSL 憑據的密鑰庫。我希望能夠讓 Tomcat 自動重新載入,而無需手動重啟。
是否可以讓 Tomcat 在不重新啟動的情況下重新載入它,或者是否可以通過程式方式來代替它?
儘管您的後台程序可以自動重新啟動tomcat,但我不相信有辦法自動執行此操作。密鑰庫僅在 jvm 初始化時被讀取一次。如果您要編寫自己的處理程序來定期重新檢查密鑰庫,那麼可能會有一個解決方案,但我個人在 Internet 上沒有找到任何這樣的範例。
您可以在更改 jssecacert 文件後重新啟動單個 Tomcat 連接器,即可以像 8443 一樣重新啟動埠。
這是我在添加/刪除證書後用來重新啟動 tomcat 連接器的完整程式碼/方法。
// Stop and restart the SSL connection so that the tomcat server will // re-read the certificates from the truststore file. public void refreshTrustStore() throws Exception { try { //following line should be replaced based on where you get your port number. You may pass in as argument to this method String httpsPort = configurationManager.getHttpsPort(); String objectString = "*:type=Connector,port=" + httpsPort + ",*"; final ObjectName objectNameQuery = new ObjectName(objectString); for (final MBeanServer server: MBeanServerFactory.findMBeanServer(null)) { if (!server.queryNames(objectNameQuery, null).isEmpty()) { MBeanServer mbeanServer = server; ObjectName objectName = (ObjectName) server.queryNames(objectNameQuery, null).toArray()[0]; mbeanServer.invoke(objectName, "stop", null, null); // Polling sleep to reduce delay to safe minimum. // Use currentTimeMillis() over nanoTime() to avoid issues // with migrating threads across sleep() calls. long start = System.currentTimeMillis(); // Maximum of 6 seconds, 3x time required on an idle system. long max_duration = 6000L; long duration = 0L; do { try { Thread.sleep(100); } catch (InterruptedException e) { Thread.currentThread().interrupt(); } duration = (System.currentTimeMillis() - start); } while (duration < max_duration && server.queryNames(objectNameQuery, null).size() > 0); // Use below to get more accurate metrics. String message = "TrustStoreManager TrustStore Stop: took " + duration + "milliseconds"; logger.information(message); mbeanServer.invoke(objectName, "start", null, null); break; } } } catch (Exception exception) { // Log and throw exception throw exception } }