
We have a requirement to support LDAPS for all our directory logins through JNDI.

I have set "javax.net.ssl.trustStore" to the trust store I need and have added certificates to a trusted Java keystore.

The JNDI call is successful for the first-time import of any certificates, but further updates to the keystore, like updating or deleting it, are not picked up by JNDI. We are trying to communicate with a Microsoft AD server.

The code is running in a Jetty webapp, and restarting the webapp to pick up the latest keystore data is out of the question.

Is there any way in which the reload can be addressed?

Regards,

Binoy

1 Answer


You can create a ReloadableX509TrustManager.

Something like what is shown at: http://jcalcote.wordpress.com/2010/06/22/managing-a-dynamic-java-trust-store/

– jwilleke
  • Looked on the site and found a pretty decent implementation as well. Pasting the links: http://stackoverflow.com/questions/9394864/jndi-ldaps-custom-hostnameverifier-and-trustmanager and http://stackoverflow.com/questions/13035910/ssl-connection-to-ldap-using-certitificates-and-custom-ssl-socket-factory Hope this helps. Had to search a lot for this. – user2219217 Mar 28 '13 at 16:51
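The following is an added example of the approach the answer describes, written for this page rather than taken from the answer or the linked blog post. It is a trust manager that re-reads the trust store file whenever its modification time changes, wrapped in an `SSLSocketFactory` that JNDI can load through the `java.naming.ldap.factory.socket` environment property (the LDAP provider looks for a public static `getDefault()` on that class). Assumptions: the store path and password come from the `javax.net.ssl.trustStore` / `javax.net.ssl.trustStorePassword` system properties the question already uses, the password default `changeit` and the host `ad.example.test` are placeholders, and the class and method names are the example's own.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** X509TrustManager that re-reads the trust store whenever the file's mtime changes (example code). */
public final class ReloadableX509TrustManager implements X509TrustManager {
    private final Path path;
    private final char[] password;
    private volatile long loadedMtime = -1L;
    private volatile X509TrustManager delegate;

    public ReloadableX509TrustManager(Path path, char[] password) throws GeneralSecurityException, IOException {
        this.path = path;
        this.password = password;
        reload(); // fail fast at start-up if the store cannot be read at all
    }

    private synchronized void reload() throws GeneralSecurityException, IOException {
        long mtime = Files.getLastModifiedTime(path).toMillis();
        if (mtime == loadedMtime) return; // another thread already reloaded this version
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(path)) { ks.load(in, password); }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) { delegate = (X509TrustManager) tm; loadedMtime = mtime; return; }
        }
        throw new GeneralSecurityException("no X509TrustManager available for " + path);
    }

    /** Reloads if the file changed; a failed reload (e.g. a half-written store) keeps the last good one. */
    private X509TrustManager current() {
        try {
            if (Files.getLastModifiedTime(path).toMillis() != loadedMtime) reload();
        } catch (GeneralSecurityException | IOException e) {
            System.err.println("trust store reload failed, keeping previous store: " + e);
        }
        return delegate;
    }

    @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        current().checkClientTrusted(chain, authType);
    }
    @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        current().checkServerTrusted(chain, authType);
    }
    @Override public X509Certificate[] getAcceptedIssuers() { return current().getAcceptedIssuers(); }

    /** Socket factory JNDI instantiates via "java.naming.ldap.factory.socket"; it needs a static getDefault(). */
    public static final class LdapSocketFactory extends SSLSocketFactory {
        private static final SSLSocketFactory INNER = build();
        private static SSLSocketFactory build() {
            try {
                // Assumption: the same system properties the question sets point at the trust store.
                Path store = Paths.get(System.getProperty("javax.net.ssl.trustStore"));
                String pw = System.getProperty("javax.net.ssl.trustStorePassword", "changeit"); // placeholder
                SSLContext ctx = SSLContext.getInstance("TLS");
                ctx.init(null, new TrustManager[] { new ReloadableX509TrustManager(store, pw.toCharArray()) }, null);
                return ctx.getSocketFactory();
            } catch (GeneralSecurityException | IOException e) { throw new IllegalStateException(e); }
        }
        public static SocketFactory getDefault() { return new LdapSocketFactory(); }
        // Ask JSSE to check that the server certificate matches the host we dialled, not just that it chains to the store.
        private static Socket harden(Socket s) {
            if (s instanceof SSLSocket) {
                SSLParameters p = ((SSLSocket) s).getSSLParameters();
                p.setEndpointIdentificationAlgorithm("LDAPS");
                ((SSLSocket) s).setSSLParameters(p);
            }
            return s;
        }
        @Override public Socket createSocket(Socket s, String h, int p, boolean close) throws IOException { return harden(INNER.createSocket(s, h, p, close)); }
        @Override public Socket createSocket(String h, int p) throws IOException { return harden(INNER.createSocket(h, p)); }
        @Override public Socket createSocket(String h, int p, InetAddress lh, int lp) throws IOException { return harden(INNER.createSocket(h, p, lh, lp)); }
        @Override public Socket createSocket(InetAddress h, int p) throws IOException { return harden(INNER.createSocket(h, p)); }
        @Override public Socket createSocket(InetAddress h, int p, InetAddress lh, int lp) throws IOException { return harden(INNER.createSocket(h, p, lh, lp)); }
        @Override public String[] getDefaultCipherSuites() { return INNER.getDefaultCipherSuites(); }
        @Override public String[] getSupportedCipherSuites() { return INNER.getSupportedCipherSuites(); }
    }

    /** Usage: open an LDAPS context through the reloading factory (host is a placeholder). */
    public static DirContext connect() throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://ad.example.test:636");
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put("java.naming.ldap.factory.socket", LdapSocketFactory.class.getName());
        return new InitialDirContext(env);
    }
}
```

The check runs once per TLS handshake, so a certificate removed from the store stops being trusted for new connections only; connections that are already open, including ones held by the JNDI LDAP connection pool, are not re-validated until they are closed and re-established. Keeping the last good store on a failed reload avoids failing every bind while `keytool` is in the middle of rewriting the file, but it also means a corrupt store is only reported on stderr, so that log line is worth alerting on.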