问题
I am using embedded Tomcat and using SSLHostConfig to add SNI certificates when I create the connector. It works wonderfully.
I am also able to add certificates without restarting Tomcat using something like this:
SSLHostConfig sslHostConfig = new SSLHostConfig();
sslHostConfig2.setHostName(host);
sslHostConfig2.setCertificateFile(path);
connector.addSslHostConfig(sslHostConfig);
This also works perfectly.
Also, without restarting Tomcat, I can get a list of all the existing SSLHostConfig instances using this:
SSLHostConfig[] sslHostConfigs = connector.findSslHostConfigs();
However, I couldn't figure out how to update or delete an existing SSLHostConfig instance. Setting it to null in the array doesn't work. Also, replacing it in the array with a new SSLHostConfig instance doesn't work either.
Is there a way to delete or modify an SSLHostConfig instance without restarting Tomcat?
Thanks.
回答1:
To update an SSLHostConfig with a new certificate file (which was referenced when creating it originally), this works:
Http11NioProtocol protocol (Http11NioProtocol)connector.getProtocolHandler();
protocol.reloadSslHostConfig(host);
Of course this assumes that you are using the Http11NioProtocol as the protocol handler for your connector.
来源:https://stackoverflow.com/questions/57997242/embedded-tomcat-update-delete-certificates-without-restarting