Lionel Cons created AMQ-8568:
--------------------------------
Summary: Add support for trust store reloading
Key: AMQ-8568
URL: https://issues.apache.org/jira/browse/AMQ-8568
Project: ActiveMQ
Issue Type: Improvement
Reporter: Lionel Cons

When using X.509 authentication, one can add a new subject to be allowed to the
{{jaas.textfiledn.user}} file and the rest is automatic: file change is
detected, file is reloaded and the change of security settings is effective
without having to restart the broker. This is all very good.

However, if the new certificate comes from a new CA then the Java trust store
has to be changed. Unless I missed something, ActiveMQ does not detect changes
to the trust store and the broker must be restarted to take into account the
new trust store.

It would be very useful to add support for trust store reloading to avoid these
broker restarts.

The best solution would be to integrate it with the
{{runtimeConfigurationPlugin}}: when the file (defined in {{sslContext}}'s
{{trustStore}}) changes, it gets reloaded.

If it is too complex, another possibility would be to expose a JMX method to
trigger this reload. A bit like we currently have {{reloadLog4jProperties}}.
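
An added example, not ActiveMQ code and not part of the original report: a JSSE X509TrustManager wrapper that re-reads the trust store file when its modification time changes, which is the behaviour the request describes. The class name ReloadingTrustManager and the choice to poll the file's mtime at handshake time are assumptions of this example; wiring it into the broker's {{sslContext}} is not shown.

```java
import javax.net.ssl.*;
import java.nio.file.*;
import java.nio.file.attribute.FileTime;
import java.security.KeyStore;
import java.security.cert.*;

// Added example: ReloadingTrustManager is a hypothetical name, not an ActiveMQ class.
public final class ReloadingTrustManager implements X509TrustManager {
    private final Path store;
    private final char[] password;
    private volatile X509TrustManager delegate;
    private volatile FileTime loadedAt;

    public ReloadingTrustManager(Path store, char[] password) throws Exception {
        this.store = store;
        this.password = password.clone();
        reload(); // fail at startup if the initial store cannot be loaded
    }

    // Builds a fresh delegate; if loading throws, the previous delegate stays in place.
    public synchronized void reload() throws Exception {
        FileTime modified = Files.getLastModifiedTime(store); // read before loading
        KeyStore ks = KeyStore.getInstance(store.toFile(), password); // Java 9+, detects JKS/PKCS12
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        // Assumption: the JDK's default factory returns a single X509 trust manager.
        delegate = (X509TrustManager) tmf.getTrustManagers()[0];
        loadedAt = modified;
    }

    // Called on every handshake: one stat() of the file, a reload only when the mtime changed.
    private X509TrustManager current() {
        try {
            if (!Files.getLastModifiedTime(store).equals(loadedAt)) reload();
        } catch (Exception e) {
            // Unreadable or half-written store: keep the last good trust anchors, retry next call.
        }
        return delegate;
    }

    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        current().checkClientTrusted(chain, authType);
    }
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        current().checkServerTrusted(chain, authType);
    }
    public X509Certificate[] getAcceptedIssuers() { return current().getAcceptedIssuers(); }
}
```

A reload only affects new handshakes: connections that are already established, and TLS sessions resumed from cache, are not re-validated, so removing a CA from the store does not by itself cut off clients that authenticated earlier.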