wibble7 |
Posted: Thu Feb 07, 2013 2:28 am Post subject: Broker Recycle required to pick up renewed certs? |
|
|
Novice
Joined: 30 Apr 2012 Posts: 18
|
Hi All,
Can anyone tell me if a Message Broker 6.1 needs a full recycle when a cert is renewed that the broker-wide https connector uses, or does it re-query the keystore when the old one expires?
Cheers Andy |
smdavies99 |
Posted: Thu Feb 07, 2013 2:45 am Post subject: |
|
|
 Jedi Council
Joined: 10 Feb 2003 Posts: 6076 Location: Somewhere over the Rainbow this side of Never-never land.
|
What does the infocentre say on the issue? _________________ WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
nathanw |
Posted: Thu Feb 07, 2013 3:17 am Post subject: |
|
|
 Knight
Joined: 14 Jul 2004 Posts: 550
|
Also what does your common sense tell you? _________________ Who is General Failure and why is he reading my hard drive?
Artificial Intelligence stands no chance against Natural Stupidity.
Only the User Trace Speaks The Truth  |
wibble7 |
Posted: Thu Feb 07, 2013 4:03 am Post subject: |
|
|
Novice
Joined: 30 Apr 2012 Posts: 18
|
The infocentre doesn't say anything specifically on this, and my common sense tells me that if I had designed and implemented this, then on attempting to present a cached cert that has expired during the handshake it would go back to the keystore and check/retrieve a valid one if present, otherwise error. |
lancelotlinc |
Posted: Thu Feb 07, 2013 6:13 am Post subject: |
|
|
 Jedi Knight
Joined: 22 Mar 2010 Posts: 4941 Location: Bloomington, IL USA
|
wibble7 |
Posted: Thu Feb 07, 2013 7:06 am Post subject: |
|
|
Novice
Joined: 30 Apr 2012 Posts: 18
|
I did look thanks, you've pointed me at what's required for the initial setup, that was done a long time ago and we have now come to renewal time. We've put the renewed certs in the keystore already. What we want to know is does the broker need a recycle to pick up the new cert or will it know the cert in its cache has expired and go back to the store to get the new one. |
nathanw |
Posted: Thu Feb 07, 2013 7:11 am Post subject: |
|
|
 Knight
Joined: 14 Jul 2004 Posts: 550
|
Basically the config has changed and therefore the cache of the broker will stay the same unless it is restarted and picks up the new config, just like any other external config change. _________________ Who is General Failure and why is he reading my hard drive?
Artificial Intelligence stands no chance against Natural Stupidity.
Only the User Trace Speaks The Truth  |
mqjeff |
Posted: Thu Feb 07, 2013 7:12 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008 Posts: 17447
|
wibble7 wrote: |
you've pointed me at what's required for the initial setup |
At least he managed to get the right version of the info center.
wibble7 wrote: |
What we want to know is does the broker need a recycle to pick up the new cert or will it know the cert in its cache has expired and go back to the store to get the new one. |
His implication is that if you have to restart the broker to get it to see a new certification, you have to restart it to get it to see a renewed certificate. |
lancelotlinc |
Posted: Thu Feb 07, 2013 7:40 am Post subject: |
|
|
 Jedi Knight
Joined: 22 Mar 2010 Posts: 4941 Location: Bloomington, IL USA
|
mqjeff wrote: |
wibble7 wrote: |
What we want to know is does the broker need a recycle to pick up the new cert or will it know the cert in its cache has expired and go back to the store to get the new one. |
His implication is that if you have to restart the broker to get it to see a new certification, you have to restart it to get it to see a renewed certificate. |
W-O-R-D-! _________________ http://leanpub.com/IIB_Tips_and_Tricks
Save $20: Coupon Code: MQSERIES_READER |
wibble7 |
Posted: Fri Feb 08, 2013 2:28 am Post subject: |
|
|
Novice
Joined: 30 Apr 2012 Posts: 18
|
mqjeff, who got the right version of the info centre? I'd already looked at that and as I've mentioned that's for initial setup.
Would it not also be better to answer the question rather than imply something?
Is that definite that it needs a recycle to pick up the new cert under these circumstances? Do you know from experience or are you reading between the lines and guessing at what's been implied?
Assumptions are the mother of all cock ups? And I'd rather see it explicitly in black and white rather than read between the lines. |
mqjeff |
Posted: Fri Feb 08, 2013 3:34 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008 Posts: 17447
|
wibble7 wrote: |
mqjeff, who got the right version of the info centre? I'd already looked at that and as I've mentioned that's for initial setup. |
I meant lancelotlinc. I was complimenting him for noticing that you'd said 6.1, and had managed to post a link to the 6.1 info center, rather than 6.0 or 7 or etc.
wibble7 wrote: |
Would it not also be better to answer the question rather than imply something? |
I suppose it depends on your definition of better?
But yes, if one is intending to be helpful.
wibble7 wrote: |
Is that definite that it needs a recycle to pick up the new cert under these circumstances? Do you know from experience or are you reading between the lines and guessing at what's been implied?
Assumptions are the mother of all cock ups? And I'd rather see it explicitly in black and white rather than read between the lines. |
Usually when I find the documentation is unclear, and I need explicit answers, I run experiments.
Then I either file a feedback against the documentation or open a PMR to get further clarity.
These are both things I feel I can trust, rather than noise from the internet.
If I have done anything with 6.1 and certificates, it's been long enough ago that I do not rely on my experiential memory to say "it works this way". |
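
An added example, not part of the original thread and not IBM's code: one way to run the experiment on the renewal question is to read the certificate the HTTPS listener is presenting and compare its SHA-256 fingerprint with the old and renewed certificates exported from the keystore in PEM form, before and after a recycle. The function names, host and port are assumptions, the sample PEM strings are constructed stand-ins rather than real certificates, and it assumes the listener negotiates a TLS version the local OpenSSL build still allows.

```python
import hashlib
import socket
import ssl


def fingerprint(pem: str) -> str:
    """SHA-256 over the DER bytes of a PEM-encoded certificate."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem.strip())).hexdigest()


def fetch_served_pem(host: str, port: int, timeout: float = 5.0) -> str:
    """Return the leaf certificate the listener presents right now.

    Verification is switched off on purpose: an expired or privately
    issued certificate must still be readable so it can be compared.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))


def listener_state(served_pem: str, old_pem: str, renewed_pem: str) -> str:
    """Classify what the running listener is serving.

    "renewed" -> the renewed keystore entry is in use
    "stale"   -> the listener still holds the old certificate
    "unknown" -> neither; wrong alias, wrong port or a proxy in front
    """
    served = fingerprint(served_pem)
    if served == fingerprint(renewed_pem):
        return "renewed"
    if served == fingerprint(old_pem):
        return "stale"
    return "unknown"


# Constructed stand-ins (arbitrary bytes in a PEM wrapper, not real certs).
OLD_PEM = ssl.DER_cert_to_PEM_cert(b"constructed-old-certificate")
RENEWED_PEM = ssl.DER_cert_to_PEM_cert(b"constructed-renewed-certificate")
OTHER_PEM = ssl.DER_cert_to_PEM_cert(b"constructed-unrelated-certificate")

if __name__ == "__main__":
    # Offline demonstration: a listener that kept its cached certificate.
    print(listener_state(OLD_PEM, OLD_PEM, RENEWED_PEM))
    # Against a real listener (host and port are placeholders):
    # print(listener_state(fetch_served_pem("broker.example", 7083),
    #                      OLD_PEM, RENEWED_PEM))
```
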
lancelotlinc |
Posted: Fri Feb 08, 2013 5:56 am Post subject: |
|
|
 Jedi Knight
Joined: 22 Mar 2010 Posts: 4941 Location: Bloomington, IL USA
|
wibble7 wrote: |
Would it not also be better to answer the question rather than imply something? |
Would it not have been better for you to spend 64 seconds to cycle the Broker runtime and find out that it worked?
Why not save your forum posting for real brain teasers, like strategies people use for caching message objects in a request-reply scenario and whether or not to use MsgId, CorrelId, or both? _________________ http://leanpub.com/IIB_Tips_and_Tricks
Save $20: Coupon Code: MQSERIES_READER |
wibble7 |
Posted: Fri Feb 08, 2013 6:19 am Post subject: |
|
|
Novice
Joined: 30 Apr 2012 Posts: 18
|
mqjeff, thank you for acknowledging my points in a civilised manner.
lancelotlinc, due to the number of services we have it takes longer than 64 seconds to recycle, and would you go gung-ho into a production environment like that?
We are already advanced in the use of caching objects and config and in the use of Correl IDs and Message IDs, thanks.
I asked the question on here because I was led to believe it had professionals helping other professionals. In an ideal world it would be tested beforehand, but we don't have the timescales available to do that, and a PMR as a first point seems a bit overkill given the maturity of SSL. |
lancelotlinc |
Posted: Fri Feb 08, 2013 6:31 am Post subject: |
|
|
 Jedi Knight
Joined: 22 Mar 2010 Posts: 4941 Location: Bloomington, IL USA
|