Openfire detects changes to its keystores, and reloads the various services that use them. This, for example, allows the CertificateManager plugin to update Openfire's security certificates dynamically.

One element that does not automatically get updated after keystore changes is the webserver that is serving the admin console (which also can serve other web content). This is a conscious choice, as the admin console can be used to update the keystores. It would be very undesirable to have the admin user be logged out as a result of applying a change to the keystores. To work around this issue, the admin console remains unchanged when a keystore change is detected (although a warning will be displayed, telling an admin to restart things).

An improvement must be made in which the admin console's webservice can be updated when the keystores are changed in a way other than through the admin console.