I am guessing that what you are referring is to the "crlFile" setting on the JSSE Connector in tomcat server.xml. Is that correct? The current implementation of the tomcat socket factory does a load of the crl file when tomcat starts. http://svn.apache.org/repos/asf/tomcat/connectors/trunk/util/java/org/apa... This is the classic problem that exists in the tomcat infrastructure that any changes to server.xml including any files that may be related to the tomcat server configuration, requires a restart. For JBoss, we have had a feature request for a long time now. https://jira.jboss.org/jira/browse/JBAS-3019 Vote on this JIRA issue if you want to raise the priority. What is really needed is a JBoss version of the JDK TrustManager implementation that can lazily load CRL Files, that can be plugged in at the JVM level, such that not only the https layer but also RMI/SSL etc can make use of CRL validation. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4166108#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...