I need to create a J2EE-based redundant certificate generator (a sort of a certificate authority) that uses openssl. Before I get to the redundancy part, my question is, is it allowed to run an executable such as openssl from an EJB container?
Theorectially no, but this is being relaxed in j2ee 1.5, and unless your running with a security manager that enforces this nothing will prevent this.
Would it be any better to use JNI to integrate openssl and use it from within the web container?
I found some instructions on how to generate certificates in C. I think I could link this to Java code, which will run in Tomcat.
That will be more portable.