-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Joseph,
On 7/25/19 11:53, Joseph Dornisch wrote: > Hello, > > I have a CRL configured in my tomcat server configuration. If I > update it and want to have Tomcat refresh it, I can login into > https://127.0.0.1/manager/html and click the "Re-read" button > under "Configuration->Re-read TLS configuration files" and this > causes my CRL to be reread. It works great. > > However,I have read here, " > https://people.apache.org/~schultz/ApacheCon%20NA%202018/Let's%20Encry pt%20Apache%20Tomcat.pdf" > > on page 34 you can do basically the same thing with a command something > like: > https://localhost/manager/jmxproxy?invoke=Catalina%3Atype%3DProtocolHa ndler%2Cport%3D8443%2Caddress%3D%22127.0.0.1%22&op=reloadSslHostConfigs > > When I do this, I get back: > > Error - java.lang.NullPointerException > java.lang.NullPointerException at > org.apache.catalina.manager.JMXProxyServlet.invokeOperationInternal(JM XProxyServlet.java:264) What > is the port number and bind-address of your protocol handler? > Is this command supposed to work in Tomcat 8.5.43? Is there a > different command. Short of this, the only way to force reload > without manual intervention seems to be to login to the manager > from code, and then execute > https://127.0.0.1/manager/html/sslReload?org.apache.catalina.filters.C SRF_NONCE= > > <nonce_value_from_established_session> The URL you have above (if correct) is using the manager to do the same thing using the JMX proxy that you are doing with the manager GUI. > I've seen that I might also write some code that Tomcat itself > would run periodically to refresh the SSL configuration. Could > anyone provide any ideas here? You can do it, but IMO it's better to trigger it externally, assuming that you are already deploying the manager app and the JMX proxy servlet . - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl09JyoACgkQHPApP6U8 pFi15RAAxWEnktvq6OHH6VHj5zDfmsLXgxZubc0RpbrMmdGF09xbIrdBoqGd1OKI t20fkIK8dBkz28Vb3MkXDBS9cYT8Z7qkMcf6R6fjsvwNfWw2P2rf+CNdz5kWz5jv fnglCaGuoJMKTCZkfIrVt7I/1zfvXDrZWxZz109EzVmX4ouzHBby5icof7P7VM7n 8Wr21117VLRFq9CIPKaPNDROOkLX8kLUmpHqsBsK7srF7EJehd7FVlgidIHDxsq/ t5R8tAzCSBWBkOdCa86JcR+2cRxaqUHpEZqWyDEm1LwbJ+fa9AB1maU47bGUfZX5 Xkc1ow9OZ+DMPEj/6zhwOwG6mpMXOTpAm3GHcrH6kbMQLfzjRio/b0f0KxEq/BfB LsJb8qyhSs16Jf0k9vLgsQBaX2LBZCaGY1ywMXItPTUnpgJ5eN9M8G931TFWPlBU M5AFlmgOic5qwXijPKNd3T7RWPKIjdn0EzExCOwK4jYkP57vMyPhfFqn+SL+4rku 2frYBKZYbwLHci1dUNzGb0m8JGVaJCg96CSxu6pYc7dzkP2YdxYgQLMw8D/U9j+m i26wEiedmJvFIsg7wlMoa4VudLqsEDL3HyeisHwTu4mRa7ONjU4XUOIDmNaJFBvG skQTLqEkfEAL/dMEN8STsXU38r2MWjHnCqllryUokIfPAG40SPA= =sTqX -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
