Posted to users@tomcat.apache.org by Spoorti Rao <sp...@gmail.com> on 2017/04/25 08:42:23 UTC

Dynamic loading of Keystore without tomcat restart.

Hello,

Can Tomcat support the dynamic loading of the keystore without a Tomcat
restart?
Currently, with default settings, whenever the server certificates
expire and need to be changed, a Tomcat restart is mandatory.
Without the restart the new certificates are not loaded and used.
Is there any way where, for each new TLS connection, Tomcat could read
the certificates freshly from the file instead of from the already loaded
memory and supply the certificates?

Kindly let me know if there is any way or configuration within Tomcat
which can satisfy the above use case.

Best Regards,
Spoo

Re: Dynamic loading of Keystore without tomcat restart.

Posted by Mark Thomas <ma...@apache.org>.
On 25/04/17 09:42, Spoorti Rao wrote:
> Hello,
> 
> Can Tomcat support the dynamic loading of the keystore without a Tomcat
> restart?
> Currently, with default settings, whenever the server certificates
> expire and need to be changed, a Tomcat restart is mandatory.
> Without the restart the new certificates are not loaded and used.
> Is there any way where, for each new TLS connection, Tomcat could read
> the certificates freshly from the file instead of from the already loaded
> memory and supply the certificates?
> 
> Kindly let me know if there is any way or configuration within Tomcat
> which can satisfy the above use case.

Currently, no.

There is an open enhancement request that would implement much, if not
all, of what is required for this to be possible:
https://bz.apache.org/bugzilla/show_bug.cgi?id=60762

Mark
