Openfire watches its certificate stores for changes, reloading them if outside changes have been detected. The relevant implementation is in CertificateStoreWatcher
There are scenarios in which the 'watch/reload' behavior is unwanted. An option should be added that can be used to disable the watcher.