Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Rabbitmq reload/refresh new certificates without restart

I am using self signed certificates in my Rabbitmq server and the broker is started successfully with SSL port. I am now trying to renew / use new SSL certificates, SSL key and truststore but I do not want to restart the running rabbitmq server as my application should run continously. I checked online for solutions to refresh / reload the erlang/rabbitmq on the runtime to read/reload these new SSL certificates and I stumbled upon few links where they suggested to use - rabbitmqctl eval "ssl:stop(), ssl:start()." to reload certs.

The command worked fine and the new SSL certs were refreshed without rabbitmq restart, but the Consumers / connections were RESET because of which my application cannot read the messages from the queues anymore.

Can you please help me with this issue? I like to reload the new SSL certificates without restarting my rabbitmq or application and the rabbitmq must work fine with my application without any connection reset. If not kindly suggest me on how to re-establish the connections back again so that my application runs as expected.

like image 544
Arun kumar R Avatar asked Jul 04 '18 06:07

Arun kumar R


1 Answers

Turns out newer versions of Erlang auto-update their PEM cache, so all you need to do is put the new certificate in place and then wait for a few minutes.

If you need to force the use of the new certificate sooner, you can use

rabbitmqctl eval 'ssl:clear_pem_cache().'

And this will reload the certificate without disconnecting any publishers or consumers.

like image 111
morloch Avatar answered Nov 25 '22 03:11

morloch