
Re-reading certificates at runtime - Java


smpe...@raytheon.com

May 10, 2007, 18:54:51
This is sort of a follow-on to Mike's message of last Sept. 12.
It, and Bug 352673 discussion, led us to be able to have our
applications handle new certificates being created while the apps are
running. We detect the INVALID_CREDENTIALS error and call:
    ldap_unbind_s()
    ldapssl_shutdown() (which calls SSL_ClearSessionCache() and NSS_Shutdown())
...and re-initialize, and everybody's happy - in our C++ world.
____________________

Now we need to accomplish the same thing in our Java apps, but
can't seem to make them let go of and re-fetch certificates.
We connect with:
    jsf = new JSSSocketFactory(certDir)
    conn = new LDAPConnection(jsf)
    conn.connect()
    conn.authenticate(), using EXTERNAL mechanism

After re-creating certificates while running, on the
INVALID_CREDENTIALS error, we call:
    connection.disconnect() (which calls LDAPConnThread::deregister() and thus sendUnbindRequest())
    SSLServerSocket.clearSessionCache()
...and re-initialize as in the beginning.
But, we continue to get INVALID_CREDENTIALS errors.
I'm guessing we're not cleaning up enough before re-initializing,
but don't know what else to try (e.g. can't find a Java handle to an
NSS_Shutdown() call, as in C)

Thanks for any help.

Steve
