Windows: automatically use new TLS material from the trust store #5531

Open
philpennock opened this issue Jun 13, 2024 · 0 comments
Labels
proposal Enhancement idea or proposal

Comments

@philpennock
Member

Proposed change

On Windows, it's not "natural" to have to send a running server a signal to tell it to pick up on changes. If the nats-server has been set to cert_store: WindowsLocalMachine (per https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-39.md) then the nats-server should be automatically picking up on changes to the keying or certificate material, and reloading to use it.

The certificates in Windows appear to have metadata reflected into the Registry, and you can register a listener to receive WMI Registry Events (hopefully a filtered view?), so it should be possible to wire something into the same channel logic as is used to pick up on reload signals.

Use case

  • Windows administrators having a natural experience when running a nats-server.
  • Security changes not being picked up on
  • NATS Servers continuing to use valid certificates

Contribution

No response

@philpennock philpennock added the proposal Enhancement idea or proposal label Jun 13, 2024
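
A sketch of the wiring the proposal describes, as an added example that is not nats-server code or part of the original issue: change notifications from the certificate store are debounced and turned into a reload request only when the set of certificates actually differs. `storeDigest`, `watchStore` and `demo` are hypothetical names, the `events` channel stands in for the Windows registry/WMI notification source (not shown), `reload` stands in for the server's existing reload path, and the thumbprints are constructed.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"sort"
	"strings"
	"time"
)

func storeDigest(thumbprints []string) [32]byte {
	s := append([]string(nil), thumbprints...)
	sort.Strings(s) // enumeration order of the store must not matter
	return sha256.Sum256([]byte(strings.Join(s, "\n")))
}

// watchStore (hypothetical) debounces store notifications and requests a reload only on a real change.
func watchStore(events <-chan struct{}, quiet time.Duration, snapshot func() []string, reload chan<- struct{}) {
	last := storeDigest(snapshot())
	for range events {
		for busy := true; busy; {
			select {
			case _, busy = <-events: // more activity restarts the quiet period; a closed channel ends it
			case <-time.After(quiet):
				busy = false
			}
		}
		if d := storeDigest(snapshot()); d != last {
			last = d
			reload <- struct{}{} // same effect as an operator-sent reload signal
		}
	}
}

// demo replays constructed store states: initial, one certificate added, same set reordered.
func demo() (reloads, snapshots int) {
	states := [][]string{{"AA11"}, {"AA11", "BB22"}, {"BB22", "AA11"}}
	events, reload, done := make(chan struct{}, 3), make(chan struct{}, 3), make(chan struct{})
	snapshot := func() []string { snapshots++; return states[snapshots-1] }
	events <- struct{}{} // two notifications caused by a single install
	events <- struct{}{}
	go func() { watchStore(events, 20*time.Millisecond, snapshot, reload); close(done) }()
	<-reload
	events <- struct{}{} // later notification with no effective change
	close(events)
	<-done
	return 1 + len(reload), snapshots
}

func main() { fmt.Println(demo()) }
```

Comparing a digest of the store contents, rather than reloading on every notification, keeps unrelated writes under the watched location from restarting TLS listeners.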