Hi Team, @dchiesa1
We have to update certificate in keytsore.jks and we have 3 message processor and 3 routers instances.
I have created keystore.jks and I have decided to follow below steps to update the certificate:
- Copy the keystore JKS file to a directory on all Message Processor server, such as /opt/apigee/customer/application
- Change permissions and ownership of the JKS file:
chown apigee:apigee /opt/apigee/customer/application/keystore.jks
chmod 600 /opt/apigee/customer/application/keystore.jks - Set the following properties in the message-processor.properties file:
# Enter the obfuscated keystore password below.
conf/message-processor-communication.properties+local.http.ssl.keystore.password=OBF:obsPword - Stop the Message-Processors and Routers (MP1 and Router1):
/opt/apigee/apigee-service/bin/apigee-service edge-message-processor stop
/opt/apigee/apigee-service/bin/apigee-service edge-router stop - On the Router, delete any files in /opt/nginx/conf.d:
rm -f /opt/nginx/conf.d/* - Start the Message-Processors and Routers:
/opt/apigee/apigee-service/bin/apigee-service edge-message-processor start
/opt/apigee/apigee-service/bin/apigee-service edge-router start - Check router and msg processor system logs
Questions:
My questions are how do we restart message processor and routers without having zero downtime. Shall I follow sequential stop and restart like mp1 and router 1 and then mp2 and router 2 and lastly mp3 and router3?
Are the above mentioned steps correct?
How do I ensure correct certificate is being used ? Can I make a call from router to message processor that validate certificate and view the certificate via any curl command?
Thanks
Sonal
LinkedIn
Twitter
