add something about rotating cert for mTLS #1971

johanandren · 2024-09-03T08:42:17Z

In the Akka HTTP docs we have https://doc.akka.io/docs/akka-http/current/server-side/server-https-support.html#rotating-certificates showing how to create a HttpsConnectionContext with cert rotation but it might not be obvious how to find and set that up. We should either link to that from the mTLS docs page or show an example here as well.

The text was updated successfully, but these errors were encountered:

patriknw · 2024-09-03T13:47:57Z

This isn't only about docs. Something is missing for a client with rotating certs. We have:

GrpcClientSettings
            .connectToServiceAt(host, port)
            .withSslContext(sslContext)

That sslContext instance is reading the certs when created, so it will not be refreshed for new connections.

We are missing something like:

withRefreshingSslContext(creator: () => SSLContext)

that can be used together with SSLContextFactory.refreshingSSLContextProvider.

(how to implement this is a more difficult question)

johanandren · 2025-01-22T10:02:33Z

Was added in #1972 (released in 2.5.0)

johanandren added the docs label Sep 3, 2024

patriknw changed the title ~~Docs: add something about rotating cert for mTLS~~ add something about rotating cert for mTLS Sep 3, 2024

patriknw added the client label Sep 3, 2024

johanandren closed this as completed Jan 22, 2025

Provide feedback