Accessing Tomcat's configured KeyStore and TrustStore
<p>I have a web app running in Tomcat that is making a web service call to another system. I need to secure this call with SSL and client authentication. The Tomcat I'm hosted in is already properly configured with a truststore and keystore specific to the environment, so I need to use those stores to secure my own call. This is where I'm stuck.</p>
<p>How can I locate the keystore and truststore that Tomcat is configured with to make my own SSL call? Or better, generate a properly configured SSLContext or SSLSocketFactory with those values?</p>
<p>Things I've tried:</p>
<ol>
<li><p>I tried relying on the SSLContext.getDefault(). That doesn't appear to be set.</p></li>
<li><p>I tried relying on System properties:</p>
<pre><code>System.getProperty("javax.net.ssl.trustStore");
System.getProperty("javax.net.ssl.trustStorePassword");
System.getProperty("javax.net.ssl.trustStoreType");
System.getProperty("javax.net.ssl.keyStore");
System.getProperty("javax.net.ssl.keyStorePassword");
System.getProperty("javax.net.ssl.keyStoreType");
</code></pre></li>
</ol>
<p>But this appears to be a brittle solution as Tomcat doesn't have to be configured with system properties. In one of the test environments, the trust store information is set, but the keystore variables aren't. They're defined in Tomcat's server.xml.</p>
<p>Is there some simple way to do this that I'm overlooking?</p>
<p><strong>Updated:</strong></p>
<p><a href="https://stackoverflow.com/questions/4048892/accessing-ssl-private-key-from-a-servlet">This question is similar</a> and one of the answers points out that SSL could be handled by OpenSSL\APR, so any solution here will depend heavily on the way Tomcat is configured. Assuming JSSE, the solutions appear to be:</p>
<ul>
<li>Ensure Tomcat is configured through system properties.</li>
<li>Have the stores live at a predefined location on the server.</li>
<li>Package your own copies of the stores in your war.</li>
</ul>
<p>For the first two above, you'd have to ensure the security policy allows access to those files.</p>
<p>Are these really the best practices for what I'm trying to do?</p>
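Added example, not part of the original question and not Tomcat code: assuming JSSE and the first option listed above (stores exposed through the javax.net.ssl.* system properties), this builds an SSLContext for client authentication and fails explicitly when the keystore properties are absent, the situation described for the test environment. The class name ClientTlsContext is hypothetical, and the key password is assumed to equal the store password.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class, not part of Tomcat or of the original post.
public final class ClientTlsContext {

    private static char[] password(String prefix) {
        String pw = System.getProperty("javax.net.ssl." + prefix + "Password");
        return pw == null ? null : pw.toCharArray();
    }

    // Loads the store named by javax.net.ssl.<prefix>; returns null when unset.
    private static KeyStore load(String prefix) throws GeneralSecurityException, IOException {
        String path = System.getProperty("javax.net.ssl." + prefix);
        if (path == null || path.isEmpty()) {
            return null;
        }
        KeyStore store = KeyStore.getInstance(
                System.getProperty("javax.net.ssl." + prefix + "Type", KeyStore.getDefaultType()));
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            store.load(in, password(prefix));
        }
        return store;
    }

    public static SSLContext build() throws GeneralSecurityException, IOException {
        KeyStore keyStore = load("keyStore");
        if (keyStore == null) {
            // Client authentication needs a private key: fail loudly instead of
            // connecting without a client certificate.
            throw new IllegalStateException("javax.net.ssl.keyStore is not set");
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, password("keyStore")); // assumes key password == store password
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load("trustStore")); // a null KeyStore selects the JVM default trust store
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }
}
```

The resulting context's getSocketFactory() can be handed to the web service client; under a security manager the policy must still grant read access to both store files.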
 
