Posted to issues@activemq.apache.org by "Jean-Baptiste Onofré (Jira)" <ji...@apache.org> on 2022/04/06 05:53:00 UTC

[jira] [Assigned] (AMQ-8568) Add support for trust store reloading

     [ https://issues.apache.org/jira/browse/AMQ-8568?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jean-Baptiste Onofré reassigned AMQ-8568:
-----------------------------------------

    Assignee: Jean-Baptiste Onofré

> Add support for trust store reloading
> -------------------------------------
>
>                 Key: AMQ-8568
>                 URL: https://issues.apache.org/jira/browse/AMQ-8568
>             Project: ActiveMQ
>          Issue Type: Improvement
>            Reporter: Lionel Cons
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>
> When using X.509 authentication, one can add a new subject to be allowed to the {{jaas.textfiledn.user}} file and the rest is automatic: file change is detected, file is reloaded and the change of security settings is effective without having to restart the broker. This is all very good.
> However, if the new certificate comes from a new CA then the Java trust store has to be changed. Unless I missed something, ActiveMQ does not detect changes to the trust store and the broker must be restarted to take into account the new trust store.
> It would be very useful to add support for trust store reloading to avoid these broker restarts.
> The best solution would be to integrate it with the {{runtimeConfigurationPlugin}}: when the file (defined in {{sslContext}}'s {{trustStore}}) changes, it gets reloaded.
> If it is too complex, another possibility would be to expose a JMX method to trigger this reload. A bit like we currently have {{reloadLog4jProperties}}.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)