Is a Policy Server restart required after importing certificates?

Document ID : KB000022673
Last Modified Date : 14/02/2018

Question:

Is it required to restart the policy server after importing a certificate into the policy server key database (smkeydatabase)?

Answer:

After a certificate is added to the key store, the policy server does not pick it up right away. The policy server process periodically polls the key database for changes and reloads its in-memory copy of the key store when the content changes. A configurable parameter, 'DBUpdateFrequencyMinutes', controls the poll interval. It is located in the smkeydatabase.properties file in the properties folder on the policy server. By default it is set to 60 minutes. Decreasing this value results in more frequent reloads but may impact performance. For the policy server to pick up a new certificate right away, the process needs to be restarted.

The choice of poll interval value depends primarily on how frequently you want to import new certificates and how quickly you want the certificates to be loaded by the policy server process. If you import new certificates as one big batch, it might make sense to restart the policy server instead of reducing the poll interval. If you import new certificates one by one and infrequently, the poll interval value needs to be set according to how often you would like the new certificates to be loaded by the policy server.