Posted to users@tomcat.apache.org by "Ragavendhiran Bhiman (rabhiman)" <ra...@cisco.com.INVALID> on 2022/09/26 06:54:48 UTC

certificate re-loading for apache tomcat without the apache restart

Hi All,

I have a scenario where I need to reload the certificates which are newly updated in the NSS DB without restarting the apache – tomcat.
Is there any way to do it?

Kindly share some piece of code to achieve the reloading of the certificates without restarting the apache tomcat service itself.



Note : Trial from my side : Tried to restart the Apache connector, but still it is reloading the old certificates only and not the new certificates.
If possible how to achieve the loading of the new one?


Many Thanks for your help.

Regards,

Raghavendran


Re: certificate re-loading for apache tomcat without the apache restart

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Raghavendran,

On 9/26/22 7:43 AM, Ragavendhiran Bhiman (rabhiman) wrote:
> Is there any way to reload new certificates as well with restarting the tomcat services?

Yes, but you will have to use JMX to essentially re-configure the 
connector, and then reload/restart it.

> The mail below explains the modification of certificates only considered and not the new ones.
> Our scenario is to load new certificates as well if the nssdb got changed dynamically.

Usually a "new" certificate would be one that doesn't just replace an 
existing one, but requires a separate <Connector>, etc.

Maybe if you explain what you are really trying to do, we could give you 
better help.

-chris

> From: Ivano Luberti <lu...@archicoop.it.INVALID>
> Date: Monday, 26 September 2022 at 12:51 PM
> To: users@tomcat.apache.org <us...@tomcat.apache.org>
> Subject: Re: certificate re-loading for apache tomcat without the apache restart
> Agree
> 
> Here you can find documentation of what Peter says
> 
> https://tomcat.apache.org/tomcat-10.0-doc/manager-howto.html#Reload_TLS_configuration
> 
> using a call to the manager app.
> 
> It doesn't take into account new certificates but only existing ones,
> because it doesn't reparse server.xml
> 
> On 26/09/2022 09:18, logo@kreuser.name wrote:
>> Raghavendran,
>>
>>> On 26.09.2022 at 08:54, Ragavendhiran Bhiman (rabhiman) <ra...@cisco.com.INVALID> wrote:
>>>
>>> Hi All,
>>>
>>> I have a scenario where I need to reload the certificates which are newly updated in the NSS DB without restarting the apache – tomcat.
>>> Is there any way to do it?
>>>
>>> Kindly share some piece of code to achieve the reloading of the certificates without restarting the apache tomcat service itself.
>>>
>>>
>> curl -u <user>:<passw> "https://myserver.mydomain/manager/jmxproxy?invoke=Catalina:type=ProtocolHandler,port=<connector port>&op=reloadSslHostConfig&ps=<domain>"
>>
>> you need that <user> with at least roles="manager-jmx" in tomcat-users.xml
>>
>>
>>> Note : Trial from my side : Tried to restart the Apache connector, but still it is reloading the old certificates only and not the new certificates.
>>> If possible how to achieve the loading of the new one?
>>>
>>>
>>> Many Thanks for your help.
>>>
>>> Regards,
>>>
>>> Raghavendran
>>>
>> Hope this helps
>>
>> Peter
> --
> 
> Archimede Informatica processes personal data in accordance with
> EU Regulation No. 2016/679 (GDPR) and Legislative Decree No. 196 of
> 30 June 2003, as amended by Legislative Decree No. 101 of 10 August 2018.
> Full privacy notice
> <http://www.archicoop.it/fileadmin/pdf/InformativaTrattamentoDatiPersonali.pdf>
> 
> dott. Ivano Mario Luberti
> 
> Archimede Informatica società cooperativa a r. l.
> Via Gereschi 36, 56127 Pisa
> 
> tel.: +39 050/580959 | fax: +39 050/8932061
> 
> web: www.archicoop.it
> linkedin: www.linkedin.com/in/ivanoluberti
> facebook: www.facebook.com/archimedeinformaticapisa/
> 



Re: certificate re-loading for apache tomcat without the apache restart

Posted by "Ragavendhiran Bhiman (rabhiman)" <ra...@cisco.com.INVALID>.
Is there any way to reload new certificates as well with restarting the tomcat services?
The mail below explains the modification of certificates only considered and not the new ones.
Our scenario is to load new certificates as well if the nssdb got changed dynamically.

Thanks & Regards,
Raghavendran

From: Ivano Luberti <lu...@archicoop.it.INVALID>
Date: Monday, 26 September 2022 at 12:51 PM
To: users@tomcat.apache.org <us...@tomcat.apache.org>
Subject: Re: certificate re-loading for apache tomcat without the apache restart
Agree

Here you can find documentation of what Peter says

https://tomcat.apache.org/tomcat-10.0-doc/manager-howto.html#Reload_TLS_configuration

using a call to the manager app.

It doesn't take into account new certificates but only existing ones,
because it doesn't reparse server.xml

On 26/09/2022 09:18, logo@kreuser.name wrote:
> Raghavendran,
>
>> On 26.09.2022 at 08:54, Ragavendhiran Bhiman (rabhiman) <ra...@cisco.com.INVALID> wrote:
>>
>> Hi All,
>>
>> I have a scenario where I need to reload the certificates which are newly updated in the NSS DB without restarting the apache – tomcat.
>> Is there any way to do it?
>>
>> Kindly share some piece of code to achieve the reloading of the certificates without restarting the apache tomcat service itself.
>>
>>
> curl -u <user>:<passw> "https://myserver.mydomain/manager/jmxproxy?invoke=Catalina:type=ProtocolHandler,port=<connector port>&op=reloadSslHostConfig&ps=<domain>"
>
> you need that <user> with at least roles="manager-jmx" in tomcat-users.xml
>
>
>> Note : Trial from my side : Tried to restart the Apache connector, but still it is reloading the old certificates only and not the new certificates.
>> If possible how to achieve the loading of the new one?
>>
>>
>> Many Thanks for your help.
>>
>> Regards,
>>
>> Raghavendran
>>
> Hope this helps
>
> Peter

Re: certificate re-loading for apache tomcat without the apache restart

Posted by Ivano Luberti <lu...@archicoop.it.INVALID>.
Agree

Here you can find documentation of what Peter says

https://tomcat.apache.org/tomcat-10.0-doc/manager-howto.html#Reload_TLS_configuration

using a call to the manager app.

It doesn't take into account new certificates but only existing ones,
because it doesn't reparse server.xml

On 26/09/2022 09:18, logo@kreuser.name wrote:
> Raghavendran,
>
>> On 26.09.2022 at 08:54, Ragavendhiran Bhiman (rabhiman) <ra...@cisco.com.INVALID> wrote:
>>
>> Hi All,
>>
>> I have a scenario where I need to reload the certificates which are newly updated in the NSS DB without restarting the apache – tomcat.
>> Is there any way to do it?
>>
>> Kindly share some piece of code to achieve the reloading of the certificates without restarting the apache tomcat service itself.
>>
>>
> curl -u <user>:<passw> "https://myserver.mydomain/manager/jmxproxy?invoke=Catalina:type=ProtocolHandler,port=<connector port>&op=reloadSslHostConfig&ps=<domain>"
>
> you need that <user> with at least roles="manager-jmx" in tomcat-users.xml
>
>
>> Note : Trial from my side : Tried to restart the Apache connector, but still it is reloading the old certificates only and not the new certificates.
>> If possible how to achieve the loading of the new one?
>>
>>
>> Many Thanks for your help.
>>
>> Regards,
>>
>> Raghavendran
>>
> Hope this helps
>
> Peter
-- 


dott. Ivano Mario Luberti

Archimede Informatica società cooperativa a r. l.
Via Gereschi 36, 56127 Pisa

tel.: +39 050/580959 | fax: +39 050/8932061

web: www.archicoop.it
linkedin: www.linkedin.com/in/ivanoluberti
facebook: www.facebook.com/archimedeinformaticapisa/

Re: certificate re-loading for apache tomcat without the apache restart

Posted by lo...@kreuser.name.
Raghavendran,

> On 26.09.2022 at 08:54, Ragavendhiran Bhiman (rabhiman) <ra...@cisco.com.INVALID> wrote:
> 
> Hi All,
> 
> I have a scenario where I need to reload the certificates which are newly updated in the NSS DB without restarting the apache – tomcat.
> Is there any way to do it?
> 
> Kindly share some piece of code to achieve the reloading of the certificates without restarting the apache tomcat service itself.
> 
> 

curl -u <user>:<passw> "https://myserver.mydomain/manager/jmxproxy?invoke=Catalina:type=ProtocolHandler,port=<connector port>&op=reloadSslHostConfig&ps=<domain>"

you need that <user> with at least roles="manager-jmx" in tomcat-users.xml


> 
> Note : Trial from my side : Tried to restart the Apache connector, but still it is reloading the old certificates only and not the new certificates.
> If possible how to achieve the loading of the new one?
> 
> 
> Many Thanks for your help.
> 
> Regards,
> 
> Raghavendran
> 

Hope this helps

Peter
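
Added example, not part of any message in this thread: a POSIX shell wrapper around the jmxproxy call above that percent-encodes the MBean name, takes the manager-jmx credentials from a netrc file instead of the command line, checks the "OK - " prefix of the jmxproxy response body, and compares the certificate fingerprint served before and after the reload. The function names, the netrc path and the host names in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Percent-encode characters of a JMX ObjectName that are reserved in a query.
urlenc() {
    printf '%s' "$1" | sed -e 's/%/%25/g' -e 's/:/%3A/g' -e 's/=/%3D/g' \
        -e 's/,/%2C/g' -e 's/&/%26/g' -e 's/ /%20/g'
}

# build_reload_url MANAGER_BASE PORT TLS_HOST
build_reload_url() {
    bean=$(urlenc "Catalina:type=ProtocolHandler,port=$2")
    printf '%s/manager/jmxproxy?invoke=%s&op=reloadSslHostConfig&ps=%s\n' \
        "$1" "$bean" "$(urlenc "$3")"
}

# jmxproxy reports the outcome in the body: "OK - ..." means success.
reload_ok() {
    case "$1" in
        "OK - "*) return 0 ;;
        *) return 1 ;;
    esac
}

# served_fp HOST PORT TLS_HOST: SHA-256 fingerprint of the served certificate.
served_fp() {
    openssl s_client -connect "$1:$2" -servername "$3" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256
}

# reload_tls HOST PORT TLS_HOST MANAGER_BASE NETRC_FILE
# The netrc file (mode 0600) keeps the password out of the process list.
reload_tls() {
    before=$(served_fp "$1" "$2" "$3")
    body=$(curl --silent --show-error --netrc-file "$5" \
        "$(build_reload_url "$4" "$2" "$3")") || return 2
    reload_ok "$body" || { printf 'reload failed: %s\n' "$body" >&2; return 1; }
    after=$(served_fp "$1" "$2" "$3")
    if [ "$before" = "$after" ]; then
        printf 'warning: served certificate unchanged after reload\n' >&2
    fi
}

# Usage (constructed values):
# reload_tls tomcat.example.test 8443 tomcat.example.test \
#     https://tomcat.example.test:8443 "$HOME/.netrc-tomcat"
```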