Hi Team, @dchiesa1
We have to update certificate in keytsore.jks and we have 3 message processor and 3 routers instances.
I have created keystore.jks and I have decided to follow below steps to update the certificate:
Questions:
My questions are how do we restart message processor and routers without having zero downtime. Shall I follow sequential stop and restart like mp1 and router 1 and then mp2 and router 2 and lastly mp3 and router3?
Are the above mentioned steps correct?
How do I ensure correct certificate is being used ? Can I make a call from router to message processor that validate certificate and view the certificate via any curl command?
Thanks
Sonal
Interesting steps and may be used early apigee versions..
What certificate are we referring here? Is it Virtual Host certificate or in general SSL certs on the platform?
Can we not just simply follow below & certificate updates are always little interesting ( in most of versions on opdk atleast & end-up restarts)
https://docs.apigee.com/api-platform/system-administration/update-or-replace-ssl-certificate
For the sequence you have it correct but cross check below once
https://docs.apigee.com/private-cloud/v4.19.01/starting-stopping-and-restarting-apigee-edge
For validation you can check /opt/nginx/conf.d/<<org>>_<<env>>_<<vhname>>.pem path to validate if it is reflected & validate using curl.