Posted to issues@solr.apache.org by "Houston Putman (Jira)" <ji...@apache.org> on 2023/04/11 19:39:00 UTC

[jira] [Commented] (SOLR-16743) Auto reload keystore/truststore on change

    [ https://issues.apache.org/jira/browse/SOLR-16743?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17711096#comment-17711096 ] 

Houston Putman commented on SOLR-16743:
---------------------------------------

There might be an issue with client SSL reloading. Java caches SSL session information, and there is no current way to disable that functionality: https://github.com/eclipse/jetty.project/issues/918#issuecomment-250791417

> Auto reload keystore/truststore on change
> -----------------------------------------
>
>                 Key: SOLR-16743
>                 URL: https://issues.apache.org/jira/browse/SOLR-16743
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Server, SolrJ
>            Reporter: Houston Putman
>            Priority: Major
>
> Currently everyone who uses Solr with SSL must restart their clusters when new certificates are created.
> Jetty comes with an [ssl-reload|https://www.eclipse.org/jetty/documentation/jetty-10/operations-guide/index.html#og-module-ssl-reload] module for reloading the server's keystore.
> For the client we would likely need to reload the truststore, but that requires more investigation.


