nats-server

Windows: automatically use new TLS material from the trust store

Open philpennock opened this issue 3 weeks ago • 0 comments

Proposed change

On Windows, it's not "natural" to have to send a running server a signal to tell it to pick up on changes. If the nats-server has been set to cert_store: WindowsLocalMachine (per https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-39.md) then the nats-server should be automatically picking up on changes to the keying or certificate material, and reloading to use it.

The certificates in Windows appear to have metadata reflected into the Registry, and you can register a listener to receive WMI Registry Events (hopefully a filtered view?), so it should be possible to wire something into the same channel logic as is used to pick up on reload signals.

Use case

  • Windows administrators having a natural experience when running a nats-server.
  • Security changes not being picked up upon
  • NATS Servers continuing to use valid certificates

Contribution

No response

philpennock, Jun 13 '24 16:06
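
A polling variant of the idea in the issue above, as an added Go example that is not nats-server code and not from the issue author: it fingerprints the certificate the store would currently select and queues a reload on a channel when the fingerprint changes. It swaps polling in for the WMI Registry Events listener the issue suggests; `certSource`, `rotationWatcher` and the reload channel are hypothetical names, and the Windows store lookup itself is assumed to be supplied by the caller.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// certSource (hypothetical) returns the DER bytes of the certificate the
// server would select right now. On Windows this would be a lookup in the
// store named by cert_store; that lookup is assumed, not implemented here.
type certSource func() ([]byte, error)

// rotationWatcher remembers the fingerprint of the certificate in use.
type rotationWatcher struct {
	src  certSource
	last [sha256.Size]byte
}

func newRotationWatcher(src certSource) (*rotationWatcher, error) {
	der, err := src()
	if err != nil {
		return nil, err
	}
	return &rotationWatcher{src: src, last: sha256.Sum256(der)}, nil
}

// check performs one poll. A changed fingerprint queues a reload request.
// A failed lookup keeps the current fingerprint so a transient store error
// neither triggers a reload nor hides the next real rotation.
func (w *rotationWatcher) check(reload chan<- struct{}) (bool, error) {
	der, err := w.src()
	if err != nil {
		return false, err
	}
	sum := sha256.Sum256(der)
	if sum == w.last {
		return false, nil
	}
	w.last = sum
	select {
	case reload <- struct{}{}:
	default: // a reload is already pending; coalesce instead of blocking
	}
	return true, nil
}

func main() {
	cur := []byte("constructed-cert-A") // constructed sample, not real DER
	w, _ := newRotationWatcher(func() ([]byte, error) { return cur, nil })
	reload := make(chan struct{}, 1)
	cur = []byte("constructed-cert-B") // simulate a rotation in the store
	changed, _ := w.check(reload)
	fmt.Println(changed, len(reload))
}
```
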