Dynamically adding certificates to "truststore" in Java EE

I have a webapp which receives a certificate request through upload via a servlet (non-ssl).

The CSR is signed by the webapp, and sent back to the user which installs the certificate in their browser.

Now, how do I make the servlet container accept HTTPS connections with the newly signed certificate?

As far as I know, the signed certificate must be located in the HTTPS Connector's "truststore", and that is no problem开发者_C百科 to do manually.

But how can I add it automatically without restarting the container or messing with the command line?

I think you're approaching the problem the wrong way. The idea is to have a root certificate in your server-side truststore already. You sign client-side certs with this root certificate. Then, when the client makes a request using this