Joseph,

On 1/30/19 16:20, Joseph Dornisch wrote:
> It appears that it is possible to have tomcat refresh its CRL
> specified in the Connector from reading:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=60762
>
> The bug/feature request seems to have been fixed/implemented, but I
> haven't found any documentation about how to tell Tomcat when to
> update the relevant CRL. Do you have to override the connector
> class or use JMX? Or are there configuration options in the
> Connector itself?

There is no auto-reload option on the Connection. You will have to trigger the reload yourself.

My recommendation would be to use JMX to trigger the reload because you don't have to write any code to do it. You can use the Manager's JMXProxyServlet to expose JMX-over-HTTPS and then use something like curl from a script to trigger the reload.

Take a look starting on slide 27 of this presentation:

https://people.apache.org/~schultz/ApacheCon%20NA%202018/Let's%20Encrypt%20Apache%20Tomcat.pdf

If you ignore the fact that the keystore is what's being replaced, everything in there sounds like it's exactly what you want to do.

Hope that helps,
-chris
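
The curl-over-JMXProxyServlet approach described in the reply above, as an added example that is not part of the original message or of the linked slides. The host, port 8443, the netrc and CA file paths, and a Manager user holding the `manager-jmx` role are assumptions; the MBean name assumes the default `Catalina` domain and a Connector with no `address` attribute.

```shell
#!/bin/sh
# Added example: ask Tomcat to reload its TLS configuration through the
# Manager's JMXProxyServlet. Every value below is an assumption; adjust it.

TOMCAT_HOST="${TOMCAT_HOST:-localhost}"               # assumed host
TOMCAT_PORT="${TOMCAT_PORT:-8443}"                    # assumed HTTPS connector port
NETRC_FILE="${NETRC_FILE:-$HOME/.tomcat-jmx.netrc}"   # hypothetical path, mode 0600
CA_FILE="${CA_FILE:-/etc/ssl/certs/ca-certificates.crt}"  # CA that signed Tomcat's cert

# Build the JMXProxyServlet "invoke" URL for the connector's ProtocolHandler
# MBean (Catalina:type=ProtocolHandler,port=<port>), URL-encoded.
jmx_reload_url() {
    host=$1; port=$2
    printf 'https://%s:%s/manager/jmxproxy/?invoke=%s&op=%s\n' \
        "$host" "$port" \
        "Catalina%3Atype%3DProtocolHandler%2Cport%3D${port}" \
        "reloadSslHostConfigs"
}

# The servlet answers in plain text; a successful invoke starts with "OK",
# a failed one with "Error".
jmx_reply_ok() {
    case $1 in
        OK*) return 0 ;;
        *)   return 1 ;;
    esac
}

reload_tls_config() {
    url=$(jmx_reload_url "$TOMCAT_HOST" "$TOMCAT_PORT")
    # --netrc-file keeps the password out of the process list and shell
    # history; --cacert makes curl verify the server before sending it.
    reply=$(curl --silent --show-error --fail --max-time 30 \
                 --cacert "$CA_FILE" --netrc-file "$NETRC_FILE" "$url") || {
        echo "reload request failed" >&2; return 2; }
    if jmx_reply_ok "$reply"; then
        echo "reloaded: $reply"
    else
        echo "unexpected reply: $reply" >&2; return 1
    fi
}

# Run only when asked, e.g. from cron once the new CRL file is in place.
if [ "${1:-}" = "--reload" ]; then reload_tls_config; fi
```

Restrict the `manager-jmx` account to this one job and limit access to `/manager/jmxproxy` by source address, since the same endpoint can invoke any MBean operation.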