Farah Juma updated WFCORE-3970:
-------------------------------
Summary: Add a management operation to allow an Elytron trust-manager to be re-initialized (was: Reload Elytron ldap-key-store using JBoss CLI)
Add a management operation to allow an Elytron trust-manager to be re-initialized
---------------------------------------------------------------------------------
Key: WFCORE-3970
URL: https://issues.jboss.org/browse/WFCORE-3970
Project: WildFly Core
Issue Type: Feature Request
Components: Security
Reporter: Farah Juma
Assignee: Justin Cook
It is not possible to reload the certificates dynamically for Elytron's *ldap-key-store*.
If changes have been made to the certificates present in the LDAP directory, then EAP needs to be restarted first in order to see those changes, which is not ideal for production environments.
For simple file-based keystores, the *load* operation is available:
-------------------------
[standalone@localhost:9990 /] /subsystem=elytron/key-store=twoWayKS:load()
-------------------------
But this operation is missing for *ldap-key-store*:
-------------------------
[standalone@localhost:9990 /] /subsystem=elytron/ldap-key-store=LKS1:load()
{
    "outcome" => "failed",
    "failure-description" => "WFLYCTL0031: No operation named 'load' exists at address [
    (\"subsystem\" => \"elytron\"),
    (\"ldap-key-store\" => \"LKS1\")
]",
    "rolled-back" => true
}
-------------------------
There should be such an option available to reload the content of the ldap-key-store without restarting the EAP server.
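The issue's CLI session shows the two outcomes a certificate-rotation script has to tell apart: a resource that exposes `load` (the file-based `key-store=twoWayKS`) and one that does not (`ldap-key-store=LKS1`, answered with WFLYCTL0031). The script below is an added example, not part of the issue or of WildFly itself; it drives the same `load` and `read-operation-names` operations through WildFly's HTTP management endpoint (`/management`, digest authentication against the ManagementRealm) instead of `jboss-cli`, asks the resource for its operation names before attempting the reload, and maps the response to a status so an operator can see that an LDAP-backed keystore still needs the restart the issue describes. The host, port, credentials, and the sample responses used in the checks are assumptions or constructed from the output quoted above.

```python
"""Reload an Elytron keystore via the WildFly HTTP management API and
report whether the resource supports the `load` operation at all.
Added example for WFCORE-3970, not code from the issue or from WildFly.
Assumed: management interface at http://localhost:9990/management with a
user in the ManagementRealm; resource names taken from the issue."""
import json
import urllib.request

MGMT_URL = "http://localhost:9990/management"  # assumption: default management port


def keystore_address(resource_type, name):
    """Address of an Elytron keystore resource, e.g. key-store=twoWayKS or
    ldap-key-store=LKS1, in the list-of-pairs form the HTTP API expects."""
    return [{"subsystem": "elytron"}, {resource_type: name}]


def management_op(operation, address, **params):
    """Build a management operation as the JSON document the /management
    endpoint accepts (the JSON rendering of a DMR operation)."""
    op = {"operation": operation, "address": address}
    op.update(params)
    return op


def supports_load(op_names_response):
    """True when a read-operation-names response lists `load`; the
    ldap-key-store in the issue does not, a file-based key-store does."""
    return (op_names_response.get("outcome") == "success"
            and "load" in op_names_response.get("result", []))


def classify(response):
    """Map a management response to a short status. WFLYCTL0031 is the
    controller's 'no operation named ... exists' failure quoted in the issue."""
    if response.get("outcome") == "success":
        return "reloaded"
    description = str(response.get("failure-description", ""))
    if "WFLYCTL0031" in description:
        return "operation-missing"
    return "failed"


def build_opener(user, password):
    """Opener with HTTP digest auth, which the management interface uses."""
    mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
    mgr.add_password(None, MGMT_URL, user, password)
    return urllib.request.build_opener(urllib.request.HTTPDigestAuthHandler(mgr))


def send(op, opener):
    """POST one operation as JSON and decode the JSON response."""
    req = urllib.request.Request(
        MGMT_URL,
        data=json.dumps(op).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with opener.open(req) as resp:
        return json.load(resp)


def reload_keystore(resource_type, name, opener):
    """Check for `load` first, then invoke it; returns one of
    'reloaded', 'operation-missing' or 'failed'."""
    address = keystore_address(resource_type, name)
    names = send(management_op("read-operation-names", address), opener)
    if not supports_load(names):
        return "operation-missing"
    return classify(send(management_op("load", address), opener))


if __name__ == "__main__":
    # Assumed credentials; on the server from the issue this prints
    # 'reloaded' for key-store=twoWayKS and 'operation-missing' for
    # ldap-key-store=LKS1, which still needs a restart to pick up new certs.
    opener = build_opener("admin", "change-me")
    for rtype, rname in (("key-store", "twoWayKS"), ("ldap-key-store", "LKS1")):
        print(rtype, rname, reload_keystore(rtype, rname, opener))
```

Checking `read-operation-names` before calling `load` avoids relying on the failure text alone, and the returned status lets a rotation job fail loudly on the keystore types that cannot be refreshed at runtime rather than silently serving stale certificates.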