问题描述

我正在使用嵌入式Tomcat，并在创建连接器时使用SSLHostConfig添加SNI证书.效果很好.

I am using embedded Tomcat and using SSLHostConfig to add SNI certificates when I create the connector. It works wonderfully.

我还可以添加证书，而无需使用以下方式重新启动Tomcat:

I am also able to add certificates without restarting Tomcat using something like this:

SSLHostConfig sslHostConfig = new SSLHostConfig();
sslHostConfig2.setHostName(host);
sslHostConfig2.setCertificateFile(path);
connector.addSslHostConfig(sslHostConfig);

这也很完美.

此外，无需重新启动Tomcat，就可以使用以下命令获取所有现有SSLHostConfig实例的列表:

Also, without restarting Tomcat, I can get a list of all the existing SSLHostConfig instances using this:

SSLHostConfig[] sslHostConfigs = connector.findSslHostConfigs();

但是，我不知道如何更新或删除现有的SSLHostConfig实例.在数组中将其设置为null无效.同样，用新的SSLHostConfig实例在数组中替换它也不起作用.

However, I couldn't figure out how to update or delete an existing SSLHostConfig instance. Setting it to null in the array doesn't work. Also, replacing it in the array with a new SSLHostConfig instance doesn't work either.

是否可以在不重新启动Tomcat的情况下删除或修改SSLHostConfig实例?

Is there a way to delete or modify an SSLHostConfig instance without restarting Tomcat?

谢谢.

推荐答案

要使用新的证书文件(最初在创建该证书时已引用)更新SSLHostConfig，则可以这样做:

To update an SSLHostConfig with a new certificate file (which was referenced when creating it originally), this works:

    Http11NioProtocol protocol (Http11NioProtocol)connector.getProtocolHandler();
    protocol.reloadSslHostConfig(host);

当然，这假定您使用Http11NioProtocol作为连接器的协议处理程序.

Of course this assumes that you are using the Http11NioProtocol as the protocol handler for your connector.

这篇关于嵌入式Tomcat-更新/删除证书而无需重新启动的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！