Bug 61565

Summary: Manager interface for reloading TLS config
Product: Tomcat 9 Reporter: Nick Burch <apache>
Component: ManagerAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: enhancement    
Priority: P2    
Version: unspecified   
Target Milestone: -----   
Hardware: PC   
OS: Linux   

Description Nick Burch 2017-09-26 15:27:25 UTC
For an installation of Tomcat with JMX turned off, it would be nice to have an alternate way to request a graceful reload of the TLS configuration (eg for a renewed certificate)

Having an option in the Manager seems a good way to permit this for admins-only, with no JMX
Comment 1 Christopher Schultz 2018-01-04 15:38:55 UTC
Since Tomcat 8.5.24 and similar Tomcat 9.0.x, the endpoint class contains these new methods:

reloadSslHostConfig(String hostName)
reloadSslHostConfigs()

[ref: https://lists.apache.org/thread.html/79f8d5201990b57fc781c6e40730888934b3d57ce7bd7509720ef8e2@%3Cusers.tomcat.apache.org%3E]

It seems this makes this enhancement much easier to accomplish, though there may not be a natural place to show such an operation (e.g. the "endpoints" aren't shown on the manager page).

Where were you thinking you'd like these "reload TLS config" options to be offered?
Comment 2 Remy Maucherat 2018-01-04 15:58:26 UTC
Mark did it in r1818127 although I didn't test it.
Comment 3 Mark Thomas 2018-01-04 17:11:34 UTC
I was working on this just before I went on PTO for the holiday period. Looks like I forgot to resolve this once I committed the feature. Sorry for any confusion.
Comment 4 Mark Thomas 2018-06-30 20:03:26 UTC
Added to 8.5.x for 8.5.32 onwards.