WildFly / WFLY-16518

Truststore is not getting reloaded at runtime in WildFly 25


    • Bug
    • Resolution: Unresolved
    • Major
    • None
    • 25.0.1.Final
    • Security
    • None
      1. Create an empty truststore at the time of starting WildFly.
      2. Add self-signed certificates to the truststore after WildFly is started.
      3. Reload the truststore using the commands:
        ./bin/jboss-cli.sh --connect <<EOF
        /subsystem=elytron/key-store=trust-store:load
        /subsystem=elytron/trust-manager=TrustManager:init
        EOF

      Hi,
      We are creating an empty truststore at WildFly startup and later adding self-signed certificates to the truststore.
      After that we reload the keystore and trust manager using the commands below:
      ./bin/jboss-cli.sh --connect <<EOF
      /subsystem=elytron/key-store=trust-store:load
      /subsystem=elytron/trust-manager=TrustManager:init
      EOF

      Below is the output of commands:
      [standalone@localhost:9990 /] /subsystem=elytron/key-store=trust-store:load

      {
          "outcome" => "success",
          "result" => undefined
      }

      [standalone@localhost:9990 /] /subsystem=elytron/trust-manager=TrustManager:init

      {"outcome" => "success"}

       
      We are enabling Elytron to reload the truststore without restarting the JVM.

      It seems that the new truststore is not taken into use by the JVM. Only if we restart the JVM is the new truststore taken into consideration.

      We are observing the exceptions below after reloading the truststore.
      The connection is failing with the following exception:

      Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
       
      This exception is not seen when we restart the JVM.

      Could you please provide some pointers to resolve this issue?
       

              Unassigned
              aniketpachpute27@gmail.com Aniket Pachpute (Inactive)
              Votes: 2
              Watchers: 3
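
A diagnostic check for the situation reported above, as an added example that is not part of the original report or of WildFly's own tooling: both CLI operations return "success", so this compares the aliases `keytool -list` shows on disk with the aliases the Elytron `key-store` resource returns from `read-aliases`, which shows whether the new certificate reached the in-memory key store at all. The function names, the `TRUSTSTORE` and `TS_PASS` variables, the alias names and the sample outputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the report). Real inputs would come from, e.g.:
#   keytool -list -keystore "$TRUSTSTORE" -storepass:env TS_PASS   # assumed variables
#   ./bin/jboss-cli.sh --connect \
#     --command='/subsystem=elytron/key-store=trust-store:read-aliases()'

# Alias names from `keytool -list` text ("<alias>, <date>, trustedCertEntry,").
disk_aliases() {
  grep -E ', (trustedCertEntry|PrivateKeyEntry),' | sed -E 's/^([^,]+),.*/\1/' | LC_ALL=C sort -u
}

# True when a CLI response reports "outcome" => "success".
cli_succeeded() {
  printf '%s\n' "$1" | grep -q '"outcome" => "success"'
}

# Alias names from the "result" => [ ... ] list of a read-aliases response
# (handles the list printed on one line or spread over several).
runtime_aliases() {
  tr '\n' ' ' | sed -nE 's/.*"result" => \[([^]]*)\].*/\1/p' | tr ',' '\n' |
    sed -E 's/^[[:space:]]*"//; s/"[[:space:]]*$//' | grep -v '^[[:space:]]*$' | LC_ALL=C sort -u
}

# Print aliases that are on disk but not in Elytron's in-memory key store.
# $1 = keytool -list output, $2 = read-aliases response
missing_in_runtime() {
  runtime=$(printf '%s\n' "$2" | runtime_aliases)
  printf '%s\n' "$1" | disk_aliases | while IFS= read -r name; do
    printf '%s\n' "$runtime" | grep -qxF -- "$name" || printf '%s\n' "$name"
  done
}

# Constructed sample data: two certificates on disk, one alias loaded in memory.
SAMPLE_DISK='Keystore type: PKCS12
Your keystore contains 2 entries

backend-ca, Jan 10, 2022, trustedCertEntry,
Certificate fingerprint (SHA-256): (constructed sample, value omitted)
partner-selfsigned, Jan 12, 2022, trustedCertEntry,
Certificate fingerprint (SHA-256): (constructed sample, value omitted)'
SAMPLE_RUNTIME='{
    "outcome" => "success",
    "result" => ["backend-ca"]
}'

cli_succeeded "$SAMPLE_RUNTIME" && echo "read-aliases: outcome is success"
echo "on disk but not loaded: $(missing_in_runtime "$SAMPLE_DISK" "$SAMPLE_RUNTIME")"
```

An empty result means the key store itself holds the new entries, so attention moves to the trust manager and the SSL context that consume it.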