Our great sponsors
-
SSLContext-Kickstart
🔐 A lightweight high level library for configuring a http client or server based on SSLContext or other properties such as TrustManager, KeyManager or Trusted Certificates to communicate over SSL TLS for one way authentication or two way authentication provided by the SSLFactory. Support for Java, Scala and Kotlin based clients with examples. Available client examples are: Apache HttpClient, OkHttp, Spring RestTemplate, Spring WebFlux WebClient Jetty and Netty, the old and the new JDK HttpClient
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
Hi, I have been working on a small library to make hot reloading of a ssl configuration for a server and http client possible. I was just curious why we needed to restart the server or recreate a http client with new ssl configuration when the keystores needed to be updated. I wanted to learn how the ssl configuration is handled in java and was just curious if I could be able to bypass this limitation and reload the ssl configuration instantly. An alternative would be to use nginx as a proxy with ssl configuration for a server setup, but I was a bit bored and wanted to achieve this just in java. In the above demo I demonstrate a spring boot with embedded jetty server, however similar behaviour is possible with akka or other servers which use SSLContext, SSLSocketFactory, SSLEngine, TrustManager or KeyManager. The server has an initial ssl configuration and it will get updated by an admin application from the terminal through an https request, but it can also use a file listener to update it. If the keystores on the filesystem get replaced or updated it can also pick that up or fetch it from a database based on a trigger or something else. The demo can be found here https://github.com/Hakky54/java-tutorials/tree/main/instant-server-ssl-reloading I use my own library to have this setup working, which is available here: https://github.com/Hakky54/sslcontext-kickstart
Hi, I have been working on a small library to make hot reloading of a ssl configuration for a server and http client possible. I was just curious why we needed to restart the server or recreate a http client with new ssl configuration when the keystores needed to be updated. I wanted to learn how the ssl configuration is handled in java and was just curious if I could be able to bypass this limitation and reload the ssl configuration instantly. An alternative would be to use nginx as a proxy with ssl configuration for a server setup, but I was a bit bored and wanted to achieve this just in java. In the above demo I demonstrate a spring boot with embedded jetty server, however similar behaviour is possible with akka or other servers which use SSLContext, SSLSocketFactory, SSLEngine, TrustManager or KeyManager. The server has an initial ssl configuration and it will get updated by an admin application from the terminal through an https request, but it can also use a file listener to update it. If the keystores on the filesystem get replaced or updated it can also pick that up or fetch it from a database based on a trigger or something else. The demo can be found here https://github.com/Hakky54/java-tutorials/tree/main/instant-server-ssl-reloading I use my own library to have this setup working, which is available here: https://github.com/Hakky54/sslcontext-kickstart
Related posts
- SSLContext Kickstart 8.2.0 Released - Library to easily configure ssl
- Whats your opinion regarding a library name change and package name change
- Certificate Ripper v2 released - tool to extract server certificates
- FIPS 140-2 Certification for an open source project
- Updating server certificates during runtime without the need of restarting it