Dynamic configuration updates in SSL
During the Secure Sockets Layer (SSL) runtime, dynamic configuration updates affect both inbound and outbound SSL endpoints. For inbound SSL endpoints, the changes that are implemented by the SSL channel are only affected by dynamic changes. For outbound SSL endpoints, all outbound connections inherit the new configuration changes.
In this release, dynamic update functionality provides you with greater flexibility and efficiency. You can change SSL configurations without restarting WebSphere® Application Server for the changes to take effect.
To make dynamic changes, in the administrative console click Dynamically update the runtime when SSL configuration changes occur check box. You must save your changes and then synchronize the security.xml file with remote systems. A remote system must be able to confirm that dynamicallyUpdateSSLConfig=true is in the security.xml file.
, then select theThe SSL runtime reloads the modified SSL configuration and creates a new SSLEngine for the modified connections that are associated with inbound endpoints. New outbound connections use the new configuration while existing connections continue to use the old SSLEngine object and are not affected.
- Set dynamicallyUpdateSSLConfig=On.
- Save the updated configuration.
- Synchronize the security.xml file with remote systems.
- Set the dynamicallyUpdateSSLConfig attribute to Off.