I have a setup in which an instance of Tomcat 6 is running on a given machine, and another application on the same machine generates or updates the SSL credentials that Tomcat should present. The credentials are not in JKS format, and so currently I'm exporting them to PKCS#12 and writing them out to a location previously specified in server.xml. The problem is that since Tomcat only seems to load its credentials at startup, the only way to get the new SSL certificate to be used is to restart Tomcat.
Is there a programmatic way to change Tomcat's keystore dynamically so that when I want to update the SSL credentials, I can do so without having to restart the service? I looked at the HTTP11Connector class, and at possibly wrapping/replacing it in my setup, but I couldn't see anything that would allow me to override the current keystore. Even if I could just override the certificate/key used, that'd be fantastic. Thanks.