SocketAppender is not able to reload key and certs

Hi,

We try to use log4j2 with SocketAppender and SSL configuration to stream our logs to a dedicated server side. We use mTLS to establish a TLS connection between the Log4j2 and the log server. In other words, there are client key pair and certificate. In our environment, our client certificate is short lived and the client key and certificate are automatically renewed periodically.´And the client credentials are provided within a jks file.

However, we discovered a problem is that Log4j2 is not able to reload the key and certificate once they are renewed, either with an updating on the current jks file, or switching to another jks file.

We have tried to set monitor-interval in Configuration part, periodically modify the log4j2 configuration file(e.g., update keystore file path, update appender name etc.), and even invoke reconfiguration in our code but unfortunately the key and certificate are not reloaded correctly.

We understand Log4j2 SslSocketManager and its parent TcpSocketManager basically keeps a long-lived connection with the server and does not start a new connection if the current one works fine. We observe the problem that once the server tears down the connection, Log4j2 is not able to restablish a connection due to the out-dated client certificate.