Axon 2024.2.6 SSL auto reload

Hi,

I’m testing automatic certificate reloading, but it doesn’t seem to be working. My SSL setup is running correctly, and when I update cert.pem, key.pem, and keystore.p12, Axon Server (Community Edition) reloads the gRPC certificate on 8024 but does not reload the Tomcat certificate from the updated keystore.p12.

Is there a reason why this might not be working? I don’t see any specific configuration required for cert reloading, so I’m kind of stuck.

Any ideas?

Could you share the properties you’ve used in axonserver.properties to enable SSL?

I enabled these 2:

axoniq.axonserver.ssl.enabled=true
axoniq.axonserver.ssl.cert-chain-file=/opt/vault/axon_server/axon_server_cert.pem
axoniq.axonserver.ssl.private-key-file=/opt/vault/axon_server/axon_server_pkey.pem

security.require-ssl=true
server.ssl.key-store=/opt/axon_server/keystore.p12
server.ssl.key-store-type=PKCS12
server.ssl.key-store-password=xxxxxxxx
server.ssl.key-alias=axon-keystore

What I do is use Vault Agent to write the new .pem files, then in the Vault Agent template I use a command to regenerate the keystore.p12 file.
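
A check for the regeneration step described in the last post, added here as an example and not taken from the thread or from Axon Server: it compares the certificate in the PEM file with the one inside keystore.p12, so a stale keystore can be ruled out before looking at the server. The function names and the `KEYSTORE_PASS` environment variable are assumptions; the test certificate is constructed.

```shell
#!/bin/sh
# Added example. Assumption: the keystore password is supplied in the
# KEYSTORE_PASS environment variable rather than on the command line.

# SHA-256 fingerprint of the first certificate in a PEM file.
pem_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# SHA-256 fingerprint of the leaf certificate stored in a PKCS12 keystore.
p12_fingerprint() {
    openssl pkcs12 -in "$1" -passin env:KEYSTORE_PASS -nokeys -clcerts 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Rebuild the keystore from the PEM pair: rebuild_keystore CERT KEY OUT ALIAS
# Written to a temporary name and renamed, so a reader never sees a
# half-written keystore.
rebuild_keystore() {
    openssl pkcs12 -export -in "$1" -inkey "$2" -name "$4" \
        -out "$3.tmp" -passout env:KEYSTORE_PASS && mv "$3.tmp" "$3"
}

# Succeeds only when the keystore holds the same certificate as the PEM file.
keystore_matches_pem() {
    pem_fp=$(pem_fingerprint "$1")
    p12_fp=$(p12_fingerprint "$2")
    [ -n "$pem_fp" ] && [ "$pem_fp" = "$p12_fp" ]
}

# Constructed throwaway self-signed pair for trying the check offline:
# make_constructed_cert DIR COMMON_NAME
make_constructed_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Command-line use: script CERT.pem KEYSTORE.p12
if [ "$#" -eq 2 ]; then
    if keystore_matches_pem "$1" "$2"; then
        echo "keystore matches PEM certificate"
    else
        echo "keystore is stale or unreadable"
        exit 1
    fi
fi
```

If the fingerprints match after a rotation, the regeneration step is working and the file on disk is current.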