"Michael Rooz" <michaelr...@gmail.com> wrote in message news:3df1c6c00812170307m3252f89p8c58b8373142...@mail.gmail.com... > Hi, > > I've successfully configured Tomcat to use Client Authentication. > Evidently > for Tomcat to reflect updates made to the truststore, it needs to be > restarted. > > How can I get Tomcat to reload its truststore without performing a > restart? >
Well, you can stop and start the Connector (e.g. via JMX). But Tomcat will never re-load the truststore while the Connector is running on it's own. Of course, if you are using a dynamic truststore (e.g. card-based), then this shouldn't be a problem. In general, it is very rarely that you need to update the truststore since it just contains the trusted CA certs. Adding a user from a trusted CA doesn't require an update, since the user's cert will be accepted at the SSL layer. > > > If this requires writing a custom connector that would for example > reinitialize the SSLContext, where can I find some documentation that can > be of some help/guidance? > Not sure if this can be done from the APR Connector, but for the Java Connectors you need to create your own SSLImplementation (from o.a.t.u.net) and configure it with sSSImplementation="com.myfirm.mypackage.MySSLImplementation" on the <Connector .../> element. There is some information in the archives for this list, but otherwise the Tomcat JavaDocs and/or source code. > > > Thanks, > > -MIke > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org