[ https://issues.apache.org/jira/browse/GEODE-9017?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Aaron Lindsey resolved GEODE-9017.
----------------------------------
Fix Version/s: 1.15.0
Resolution: Fixed
> Reload key store and trust store upon change
> --------------------------------------------
>
> Key: GEODE-9017
> URL: https://issues.apache.org/jira/browse/GEODE-9017
> Project: Geode
> Issue Type: New Feature
> Reporter: Aaron Lindsey
> Assignee: Aaron Lindsey
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.15.0
>
>
> [Link to RFC|https://cwiki.apache.org/confluence/display/GEODE/Make+key+and+trust+stores+reload+automatically+upon+change]
> (The below text is copied from the RFC document.)
> h3. Problem
> Currently, in order to rotate certificates each member of the cluster needs
> to be restarted to load new certs and trust. It would be preferable if
> certificates can be rotated without having to restart members.
> h3. Solution
> When starting up a cluster member we currently read the TLS configuration
> which, when TLS is enabled, has key and trust store files defined. In case
> those files are defined they are read, and the information inside them is
> loaded into the key and trust manager objects that are loaded into the
> SSLContext.
> This solution will introduce wrapper objects for the key and trust managers
> and file/directory watcher(s) that can detect changes to the key and trust
> store files. When key and trust store files are changed this will trigger a
> reload into key and trust managers and through the wrapper objects these new
> key and trust managers will be injected into the SSLContext so that the
> context can start using the new key and trust managers in process.