Posted to users@activemq.apache.org by Umesh Kudale <uk...@egain.com.INVALID> on 2023/02/06 14:19:19 UTC

ActiveMQ classic: Reload SSL keystore without restarting the broker

Hi,

I am using activemq 5.17.1 with SSL configured as per the instructions given on this page: https://activemq.apache.org/how-do-i-use-ssl. Whenever the certificate/key in the SSL keystore is changed, I want to reload it into the activemq broker without restarting the broker. I think we can do it in activemq artemis by reloading the configurations but didn't find any way to do so in activemq classic. Could anyone please help me here?

Note that I am using activemq in standalone mode (NOT embedded), so all the SSL configurations are present in conf/activemq.xml.

Thanks in advance,
Umesh.


Re: EXTERNAL- Re: ActiveMQ classic: Reload SSL keystore without restarting the broker

Posted by Justin Bertram <jb...@apache.org>.
I'm not really sure what you're asking. In _what_ case would all new
connections start using the new cert while existing connections would
continue using the old cert? As noted previously, ActiveMQ "Classic"
doesn't support reloading the certificate so this wouldn't happen.


Justin

On Tue, Feb 7, 2023 at 12:41 AM Umesh Kudale <uk...@egain.com.invalid>
wrote:

> Thanks Justin.
>
> Could you please answer my second question:
>
> Also, from the SO post I am guessing that in this case all the new
> connections would start using new cert, while existing connections would
> continue using old cert. Is that correct?
>
>
> Umesh
> ________________________________
> From: Justin Bertram <jb...@apache.org>
> Sent: Tuesday, February 7, 2023 9:34:08 AM
> To: users@activemq.apache.org <us...@activemq.apache.org>
> Subject: Re: EXTERNAL- Re: ActiveMQ classic: Reload SSL keystore without
> restarting the broker
>
> To my knowledge there are no plans to implement this functionality. I
> certainly don't have any plans to do it. Given that, I can't really comment
> on how the potential implementation would function.
>
> Of course, one of the great things about Open Source is that anybody can
> submit a PR for this functionality.
>
>
> Justin
>
> On Mon, Feb 6, 2023 at 9:39 PM Umesh Kudale <uk...@egain.com.invalid>
> wrote:
>
> > Hi Justin,
> >
> > Is there any plan to patch activemq to support runtime reload of SSL
> > keystore?
> >
> > Also, from the SO post I am guessing that in this case all the new
> > connections would start using new cert, while existing connections would
> > continue using old cert. Is that correct?
> >
> >
> > Umesh
> > ________________________________
> > From: Justin Bertram <jb...@apache.org>
> > Sent: Monday, February 6, 2023 8:15:32 PM
> > To: users@activemq.apache.org <us...@activemq.apache.org>
> > Subject: EXTERNAL- Re: ActiveMQ classic: Reload SSL keystore without
> > restarting the broker
> >
> >
> >
> >
> > As far as I'm aware this isn't possible in ActiveMQ "Classic." The general
> > recommendation is to restart the broker. Read more here [1].
> >
> >
> > Justin
> >
> > [1]
> > https://stackoverflow.com/questions/54671347/activemq-ssl-reload-truststore-with-out-restart-broker
> >
> > On Mon, Feb 6, 2023 at 8:19 AM Umesh Kudale <uk...@egain.com.invalid>
> > wrote:
> >
> > > Hi,
> > >
> > > I am using activemq 5.17.1 with SSL configured as per the instructions
> > > given on this page: https://activemq.apache.org/how-do-i-use-ssl. Whenever
> > > the certificate/key in the SSL keystore is changed, I want to reload it
> > > into the activemq broker without restarting the broker. I think we can do
> > > it in activemq artemis by reloading the configurations but didn't find any
> > > way to do so in activemq classic. Could anyone please help me here?
> > >
> > > Note that I am using activemq in standalone mode (NOT embedded), so all
> > > the SSL configurations are present in conf/activemq.xml.
> > >
> > > Thanks in advance,
> > > Umesh.
> > >
> > >
> >
>

Re: EXTERNAL- Re: ActiveMQ classic: Reload SSL keystore without restarting the broker

Posted by Umesh Kudale <uk...@egain.com.INVALID>.
Thanks Justin.

Could you please answer my second question:

Also, from the SO post I am guessing that in this case all the new connections would start using new cert, while existing connections would continue using old cert. Is that correct?


Umesh
________________________________
From: Justin Bertram <jb...@apache.org>
Sent: Tuesday, February 7, 2023 9:34:08 AM
To: users@activemq.apache.org <us...@activemq.apache.org>
Subject: Re: EXTERNAL- Re: ActiveMQ classic: Reload SSL keystore without restarting the broker

To my knowledge there are no plans to implement this functionality. I
certainly don't have any plans to do it. Given that, I can't really comment
on how the potential implementation would function.

Of course, one of the great things about Open Source is that anybody can
submit a PR for this functionality.


Justin

On Mon, Feb 6, 2023 at 9:39 PM Umesh Kudale <uk...@egain.com.invalid>
wrote:

> Hi Justin,
>
> Is there any plan to patch activemq to support runtime reload of SSL
> keystore?
>
> Also, from the SO post I am guessing that in this case all the new
> connections would start using new cert, while existing connections would
> continue using old cert. Is that correct?
>
>
> Umesh
> ________________________________
> From: Justin Bertram <jb...@apache.org>
> Sent: Monday, February 6, 2023 8:15:32 PM
> To: users@activemq.apache.org <us...@activemq.apache.org>
> Subject: EXTERNAL- Re: ActiveMQ classic: Reload SSL keystore without
> restarting the broker
>
>
>
>
> As far as I'm aware this isn't possible in ActiveMQ "Classic." The general
> recommendation is to restart the broker. Read more here [1].
>
>
> Justin
>
> [1]
>
> https://stackoverflow.com/questions/54671347/activemq-ssl-reload-truststore-with-out-restart-broker
>
> On Mon, Feb 6, 2023 at 8:19 AM Umesh Kudale <uk...@egain.com.invalid>
> wrote:
>
> > Hi,
> >
> > I am using activemq 5.17.1 with SSL configured as per the instructions given
> > on this page: https://activemq.apache.org/how-do-i-use-ssl. Whenever
> > the certificate/key in the SSL keystore is changed, I want to reload it
> > into the activemq broker without restarting the broker. I think we can do it
> > in activemq artemis by reloading the configurations but didn't find any way
> > to do so in activemq classic. Could anyone please help me here?
> >
> > Note that I am using activemq in standalone mode (NOT embedded), so all
> > the SSL configurations are present in conf/activemq.xml.
> >
> > Thanks in advance,
> > Umesh.
> >
> >
>

Re: EXTERNAL- Re: ActiveMQ classic: Reload SSL keystore without restarting the broker

Posted by Justin Bertram <jb...@apache.org>.
To my knowledge there are no plans to implement this functionality. I
certainly don't have any plans to do it. Given that, I can't really comment
on how the potential implementation would function.

Of course, one of the great things about Open Source is that anybody can
submit a PR for this functionality.


Justin

On Mon, Feb 6, 2023 at 9:39 PM Umesh Kudale <uk...@egain.com.invalid>
wrote:

> Hi Justin,
>
> Is there any plan to patch activemq to support runtime reload of SSL
> keystore?
>
> Also, from the SO post I am guessing that in this case all the new
> connections would start using new cert, while existing connections would
> continue using old cert. Is that correct?
>
>
> Umesh
> ________________________________
> From: Justin Bertram <jb...@apache.org>
> Sent: Monday, February 6, 2023 8:15:32 PM
> To: users@activemq.apache.org <us...@activemq.apache.org>
> Subject: EXTERNAL- Re: ActiveMQ classic: Reload SSL keystore without
> restarting the broker
>
>
>
>
> As far as I'm aware this isn't possible in ActiveMQ "Classic." The general
> recommendation is to restart the broker. Read more here [1].
>
>
> Justin
>
> [1]
>
> https://stackoverflow.com/questions/54671347/activemq-ssl-reload-truststore-with-out-restart-broker
>
> On Mon, Feb 6, 2023 at 8:19 AM Umesh Kudale <uk...@egain.com.invalid>
> wrote:
>
> > Hi,
> >
> > I am using activemq 5.17.1 with SSL configured as per the instructions given
> > on this page: https://activemq.apache.org/how-do-i-use-ssl. Whenever
> > the certificate/key in the SSL keystore is changed, I want to reload it
> > into the activemq broker without restarting the broker. I think we can do it
> > in activemq artemis by reloading the configurations but didn't find any way
> > to do so in activemq classic. Could anyone please help me here?
> >
> > Note that I am using activemq in standalone mode (NOT embedded), so all
> > the SSL configurations are present in conf/activemq.xml.
> >
> > Thanks in advance,
> > Umesh.
> >
> >
>

Re: EXTERNAL- Re: ActiveMQ classic: Reload SSL keystore without restarting the broker

Posted by Umesh Kudale <uk...@egain.com.INVALID>.
Hi Justin,

Is there any plan to patch activemq to support runtime reload of SSL keystore?

Also, from the SO post I am guessing that in this case all the new connections would start using new cert, while existing connections would continue using old cert. Is that correct?


Umesh
________________________________
From: Justin Bertram <jb...@apache.org>
Sent: Monday, February 6, 2023 8:15:32 PM
To: users@activemq.apache.org <us...@activemq.apache.org>
Subject: EXTERNAL- Re: ActiveMQ classic: Reload SSL keystore without restarting the broker




As far as I'm aware this isn't possible in ActiveMQ "Classic." The general
recommendation is to restart the broker. Read more here [1].


Justin

[1]
https://stackoverflow.com/questions/54671347/activemq-ssl-reload-truststore-with-out-restart-broker

On Mon, Feb 6, 2023 at 8:19 AM Umesh Kudale <uk...@egain.com.invalid>
wrote:

> Hi,
>
> I am using activemq 5.17.1 with SSL configured as per the instructions given
> on this page: https://activemq.apache.org/how-do-i-use-ssl. Whenever
> the certificate/key in the SSL keystore is changed, I want to reload it
> into the activemq broker without restarting the broker. I think we can do it in
> activemq artemis by reloading the configurations but didn't find any way to
> do so in activemq classic. Could anyone please help me here?
>
> Note that I am using activemq in standalone mode (NOT embedded), so all
> the SSL configurations are present in conf/activemq.xml.
>
> Thanks in advance,
> Umesh.
>
>

Re: ActiveMQ classic: Reload SSL keystore without restarting the broker

Posted by Justin Bertram <jb...@apache.org>.
As far as I'm aware this isn't possible in ActiveMQ "Classic." The general
recommendation is to restart the broker. Read more here [1].


Justin

[1]
https://stackoverflow.com/questions/54671347/activemq-ssl-reload-truststore-with-out-restart-broker

On Mon, Feb 6, 2023 at 8:19 AM Umesh Kudale <uk...@egain.com.invalid>
wrote:

> Hi,
>
> I am using activemq 5.17.1 with SSL configured as per the instructions given
> on this page: https://activemq.apache.org/how-do-i-use-ssl. Whenever
> the certificate/key in the SSL keystore is changed, I want to reload it
> into the activemq broker without restarting the broker. I think we can do it in
> activemq artemis by reloading the configurations but didn't find any way to
> do so in activemq classic. Could anyone please help me here?
>
> Note that I am using activemq in standalone mode (NOT embedded), so all
> the SSL configurations are present in conf/activemq.xml.
>
> Thanks in advance,
> Umesh.
>
>