https://bz.apache.org/bugzilla/show_bug.cgi?id=65770
--- Comment #10 from Mark Thomas <ma...@apache.org> ---

Not every key/cert is defined by a file. At least one cloud provider (Azure) has a JCA provider that enables Java apps to access keys in the cloud provided vault without any reference to a file on the file system.

Support for certificateKeystoreFile to accept "" or "NONE" was implemented for hardware keystores. Without access to a file, a way to determine when to trigger the reload was required. Given this listener is intended for systems that have automated key updates, X days before current key expiry was a simple trigger that worked for all the scenarios. Happy to consider alternatives if someone has a better idea.

The logging was intended to be annoying. If you have a system that is meant to automatically update your TLS keys then a noisy log message when that system fails seems reasonable to me. Thinking about it, you will want a log message when TLS reloading is triggered so there is going to be a log message anyway.

There is probably some fine tuning to do once the first draft of this is implemented.
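
The expiry-based trigger discussed in the comment above, as an added sketch that is not part of the original message and is not Tomcat code. The class, method and enum names are hypothetical and the dates are constructed; only the standard `java.security.KeyStore` API is used, which is why the check needs no file path.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.Collections;

// Added illustration; names are hypothetical, not Tomcat's.
public class ExpiryReloadCheck {
    enum Action { NONE, RELOADED, RELOADED_STILL_EXPIRING }

    // Earliest notAfter over all X.509 entries. Uses only the KeyStore API, so it
    // behaves the same for file, hardware (PKCS#11) or cloud-vault backed stores.
    static Instant earliestExpiry(KeyStore ks) throws KeyStoreException {
        Instant earliest = Instant.MAX; // returned unchanged when no certificate is present
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate) {
                Instant notAfter = ((X509Certificate) c).getNotAfter().toInstant();
                if (notAfter.isBefore(earliest)) earliest = notAfter;
            }
        }
        return earliest;
    }

    // One periodic check. 'inUse' is the expiry of the certificate currently served,
    // 'afterReload' the expiry seen once the keystore has been read again.
    static Action check(Instant now, int daysBefore, Instant inUse, Instant afterReload) {
        Instant horizon = now.plus(Duration.ofDays(daysBefore));
        if (horizon.isBefore(inUse)) return Action.NONE; // outside the window, nothing to do
        // Reload fired. A fresh certificate that is still inside the window means the
        // automated renewal did not happen: the case that deserves the noisy log line.
        return horizon.isBefore(afterReload) ? Action.RELOADED : Action.RELOADED_STILL_EXPIRING;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null); // no file involved: empty in-memory store
        System.out.println("empty store: " + earliestExpiry(ks));

        Instant now = Instant.parse("2024-06-01T00:00:00Z");      // constructed dates
        Instant far = Instant.parse("2024-08-01T00:00:00Z");
        Instant old = Instant.parse("2024-06-10T00:00:00Z");
        Instant renewed = Instant.parse("2024-09-08T00:00:00Z");
        System.out.println(check(now, 14, far, far));      // well before expiry
        System.out.println(check(now, 14, old, renewed));  // renewal system worked
        System.out.println(check(now, 14, old, old));      // renewal system failed
    }
}
```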