I am interested in updating a truststore dynamically.
What would be the best option?
Reload `SSLContext` or is it possible to recreate `TrustManagers`?
2 Answers
1
You can't 'reload' an `SSLContext`, but you can certainly create a new one. A custom `TrustManager` won't help, as it is the underlying `TrustManagerFactory` that has the connection to the keystore, not the `TrustManager`.

user207421
- It might be possible to write a `TrustManager` that wraps the one obtained from a TMF, with a setter to change the delegated instance. I'm not sure how that would work regarding potential concurrency issues, though. – Bruno Nov 02 '12 at 00:51
- So would the best option be to recreate `SSLContext` when it is required? Could I do this: `TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(ts);`? I found this: http://jcalcote.wordpress.com/2010/06/22/managing-a-dynamic-java-trust-store/ that seems to be what I need, but I am not sure if it works or I should keep recreating the `SSLContext` instead – Jim Nov 02 '12 at 07:38
- @EJP: So what do you recommend? – Jim Nov 02 '12 at 11:41
0
It is possible to reload the TrustManager within the SSLContext while using the existing SSLContext. See here for the answer which I posted for a similar question: https://stackoverflow.com/a/69507126/6777695 It contains the full snippet of code samples.

Hakan54
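The wrapper idea raised in Bruno's comment and in the second answer, as an added example that is not code from either poster: an `X509TrustManager` that delegates to the one built by a `TrustManagerFactory` and swaps that delegate on `reload`. The class and method names (`ReloadableTrustManager`, `reload`, `newContext`) are hypothetical, and the caller is assumed to load the `KeyStore` itself.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical class: wraps the TrustManager produced by a TrustManagerFactory.
public final class ReloadableTrustManager implements X509TrustManager {
    // volatile: a swap is a single reference write, so a concurrent handshake
    // is checked against either the old delegate or the new one, never a mix.
    private volatile X509TrustManager delegate;

    public ReloadableTrustManager(KeyStore trustStore) throws Exception {
        reload(trustStore);
    }

    // Build a fresh delegate from the given truststore and swap it in.
    // If anything throws, the previous delegate stays active.
    public void reload(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                delegate = (X509TrustManager) tm;
                return;
            }
        }
        throw new IllegalStateException("TrustManagerFactory returned no X509TrustManager");
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        delegate.checkClientTrusted(chain, authType);
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        delegate.checkServerTrusted(chain, authType);
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return delegate.getAcceptedIssuers();
    }

    // Create the SSLContext once; later reload() calls change its trust decisions.
    public SSLContext newContext() throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { this }, null);
        return ctx;
    }
}
```

A swap only affects new full handshakes: sessions already cached in the `SSLContext` can be resumed without the trust manager being consulted, so invalidate cached sessions when a CA is removed from the truststore.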