With any change to the SSL certificates (in its keystore), we need to restart the spring boot application. I want to update my key store entry periodically (may be every year), but want to avoid restarting the JVM. What would it take to achieve it. I wonder if writing custom KeyManager is an acceptable practice?
Unfortunately, this is not possible.
You have several solutions here.
You can restart
Tomcat connector i.e. restart
8843 is possible after you change your
But I think that it is still a hack.
This is a way to go. Your application should be behind some reverse proxy (e.g.
nginx). This will give you an additional flexibility and reduce load on your app.
Nginx will handle
https and translate it to plain
http. Anyway, you'll have to restart
nginx restart is so fast that it will be no downtime. Moreover, you could configure script to do this for you.