Bug 61565 - Manager interface for reloading TLS config
Summary: Manager interface for reloading TLS config
Alias: None
Product: Tomcat 9
Classification: Unclassified
Component: Manager
Version: unspecified
Hardware: PC Linux
Importance: P2 enhancement
Target Milestone: -----
Assignee: Tomcat Developers Mailing List
Depends on:
Reported: 2017-09-26 15:27 UTC by Nick Burch
Modified: 2018-06-30 20:03 UTC
Description Nick Burch 2017-09-26 15:27:25 UTC
For an installation of Tomcat with JMX turned off, it would be nice to have an alternate way to request a graceful reload of the TLS configuration (e.g. for a renewed certificate).

Having an option in the Manager seems a good way to permit this for admins only, with no JMX.
Comment 1 Christopher Schultz 2018-01-04 15:38:55 UTC
Since Tomcat 8.5.24 and similar Tomcat 9.0.x, the endpoint class contains these new methods:

reloadSslHostConfig(String hostName)

[ref: https://lists.apache.org/thread.html/79f8d5201990b57fc781c6e40730888934b3d57ce7bd7509720ef8e2@%3Cusers.tomcat.apache.org%3E]

It seems this makes this enhancement much easier to accomplish, though there may not be a natural place to show such an operation (e.g. the "endpoints" aren't shown on the manager page).

Where were you thinking you'd like these "reload TLS config" options to be offered?
Comment 2 Remy Maucherat 2018-01-04 15:58:26 UTC
Mark did it in r1818127 although I didn't test it.
Comment 3 Mark Thomas 2018-01-04 17:11:34 UTC
I was working on this just before I went on PTO for the holiday period. Looks like I forgot to resolve this once I committed the feature. Sorry for any confusion.
Comment 4 Mark Thomas 2018-06-30 20:03:26 UTC
Added to 8.5.x for 8.5.32 onwards.