At my site an incoming SSL connection is succesfully created on JBoss 5.1.0 (Tomcat). That works OK.

Afterwards the certificate used is removed from the truststore.

After that(surprisingly) a new connection can still be created from the same source,
even after JaasSecurityDomain.reloadKeyAndTrustStore is invoked via Jmx.

So the removal of the certificate is not not noticed.
JBoss must be restarted to notice added / removed certificates in truststore.

That is not acceptable as we require 7x24 operation.
Question: why is JaasSecurityDomain.reloadKeyAndTrustStore not working as expected?