On 19/02/2016 15:23, Christopher Schultz wrote:
> Mark,
>
> On 2/18/16 5:15 PM, Mark Thomas wrote:
>> On 18/02/2016 22:03, James H. H. Lampert wrote:
>>> Out of morbid curiosity, is there a way to make a certificate
>>> update take effect without restarting Tomcat?
>
>> Sort of.
>
>> Set bindOnInit on the connector to false.
>
>> Modify the config via JMX.
>
>> Then you should be able to use JMX to call stop() followed by
>> start() on the TLS connector which should re-initialise the TLS
>> settings from the in-memory config.
>
> Theoretically, this should also allow re-loading of a CRL, right?

In theory yes. But this is entirely untested and based solely on code inspection. There will also be a small gap where requests could get rejected.

Mark

>
> I keep meaning to write an auto-reloading CRL component for Tomcat,
> but I haven't gotten around to doing it, yet. :(
>
> -chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
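The three steps described in the thread (bindOnInit set to false, config changed via JMX, then stop() and start() on the TLS connector), sketched as a JMX client. This is an added example, not code from the thread or from the Tomcat project. The JMX URL, port, keystore path, environment variable names, the `Catalina:type=Connector` / `Catalina:type=ProtocolHandler` object names and the `keystoreFile` and `stateName` attribute names are assumptions to check against the MBeans your Tomcat version actually registers.

```java
import java.util.HashMap;
import java.util.Map;
import javax.management.Attribute;
import javax.management.MBeanServerConnection;
import javax.management.ObjectName;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXServiceURL;

public class ReloadTlsConnector {
    public static void main(String[] args) throws Exception {
        // Assumed values: adjust to the deployment. The connector must already
        // have bindOnInit="false" in server.xml so stop() releases the socket.
        String jmxUrl = "service:jmx:rmi:///jndi/rmi://localhost:9010/jmxrmi";
        int port = 8443;
        String newKeystore = "/path/to/new-keystore.jks"; // placeholder path

        // Authenticated JMX: credentials come from the environment, not the source.
        Map<String, Object> env = new HashMap<>();
        env.put(JMXConnector.CREDENTIALS,
                new String[] { System.getenv("JMX_USER"), System.getenv("JMX_PASS") });

        try (JMXConnector jmx = JMXConnectorFactory.connect(new JMXServiceURL(jmxUrl), env)) {
            MBeanServerConnection mbs = jmx.getMBeanServerConnection();

            // Assumed object names (default "Catalina" domain, no address attribute).
            ObjectName connector = new ObjectName("Catalina:type=Connector,port=" + port);
            ObjectName handler = new ObjectName("Catalina:type=ProtocolHandler,port=" + port);

            // Step 2: change the in-memory config (attribute name is an assumption).
            mbs.setAttribute(handler, new Attribute("keystoreFile", newKeystore));

            // Step 3: stop() then start(). Between the two calls the port is
            // unbound, which is the gap where requests can be rejected.
            mbs.invoke(connector, "stop", null, null);
            mbs.invoke(connector, "start", null, null);

            // Confirm the connector came back before trusting the new certificate.
            Object state = mbs.getAttribute(connector, "stateName");
            System.out.println("Connector state after restart: " + state);
        }
    }
}
```

After running it, confirm the served certificate from a client (for example by comparing the certificate's serial number or expiry date) rather than relying on the connector state alone.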