1 Reply Latest reply on Mar 19, 2004 8:16 AM by Scott Stark

    which keystore certificate for ssl

    martin0 Novice

      Hi,

      How does the SSLServerSocketFactory know which certificate in the keystore file should be presented for SSL?

      I expected something to identify the certificate in the Factory config (like alias or DN).

      Thanks
      Martin

        • 1. 3857788
          Scott Stark Master

          The problem is that you don't just poll the flag once; you have to do it over and over. To make it work in a cluster, the flag has to be implemented as a clustered singleton mbean, which means that every lookup has to go through JNDI, which has relatively high overhead.

          In our app, there are no places that get executed often enough to be useful as abort check points, yet seldom enough not to bog things down if every pass through them involves a JNDI lookup and mbean flag check.

          So...any thoughts on non-polling-based techniques?