I'm guessing this is working as designed due to java in general. I have a LDAP driver that the trusted CA expired for. I put a new keystore on the file system (Netware and IDM 3.5.0) and changed the driver config to point to that keystore, but no dice. I had to cycle the directory (aka the server) to get it to pick up the new keystore.
This is similar to the issue I had with the Peoplesoft shim. I'm guessing this is in the shim, but is this expected?