This tutorial walks through the process of configuring your server or HTTP client to enable hot reloading of the SSL configuration at runtime. This will result in no longer restarting your server when the certificates need to be updated, and you won’t need to recreate your HTTP client when you want to use your new certificates. In this tutorial, we will cover only a Spring Boot application with Jetty as an embedded server to demonstrate the basic configuration and the different ways to trigger an update. However, every server or HTTP client which uses a SSLContext, SSLServerSocketFactory/SSLSocketFactory, TrustManager or KeyManager to configure SSL can also enable hot reloading, including Scala and Kotlin-based servers and HTTP clients.
The hot reloading mechanism is provided by the SSLContext Kickstart library and all of the code examples shown in this tutorial can also be found on GitHub: Java Tutorials.