[ https://issues.apache.org/jira/browse/AMQ-8568?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jean-Baptiste Onofré reassigned AMQ-8568:
-----------------------------------------

    Assignee: Jean-Baptiste Onofré

> Add support for trust store reloading
> -------------------------------------
>
>                 Key: AMQ-8568
>                 URL: https://issues.apache.org/jira/browse/AMQ-8568
>             Project: ActiveMQ
>          Issue Type: Improvement
>            Reporter: Lionel Cons
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>
> When using X.509 authentication, one can add a new subject to be allowed to 
> the {{jaas.textfiledn.user}} file and the rest is automatic: file change is 
> detected, file is reloaded and the change of security settings is effective 
> without having to restart the broker. This is all very good.
> However, if the new certificate comes from a new CA then the Java trust store 
> has to be changed. Unless I missed something, ActiveMQ does not detect 
> changes to the trust store and the broker must be restarted to take into 
> account the new trust store.
> It would be very useful to add support for trust store reloading to avoid 
> these broker restarts.
> The best solution would be to integrate it with the 
> {{runtimeConfigurationPlugin}}: when the file (defined in {{sslContext}}'s 
> {{trustStore}}) changes, it gets reloaded.
> If it is too complex, another possibility would be to expose a JMX method to 
> trigger this reload. A bit like we currently have {{reloadLog4jProperties}}.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
