Certificate upgrade in Ignite Cluster

classic Classic list List threaded Threaded
4 messages Options
Ankit Singhai Ankit Singhai
Reply | Threaded
Open this post in threaded view
|

Certificate upgrade in Ignite Cluster

Hello,
We are running Ignite Cluster with 3 servers and 10 client nodes in secure
mode. Now as the certificate is going to expire, how can we configure the
new certificate without taking any down time?

Thanks,
Ankit Singhai



--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
Nikolay Izhikov Nikolay Izhikov
Reply | Threaded
Open this post in threaded view
|

Re: Certificate upgrade in Ignite Cluster

Hello, Ankit.

Please, clarify, what do you mean by "secure mode"?

В Чт, 09/05/2019 в 05:33 -0700, Ankit Singhai пишет:

> Hello,
> We are running Ignite Cluster with 3 servers and 10 client nodes in secure
> mode. Now as the certificate is going to expire, how can we configure the
> new certificate without taking any down time?
>
> Thanks,
> Ankit Singhai
>
>
>
> --
> Sent from: http://apache-ignite-users.70518.x6.nabble.com/

signature.asc (499 bytes) Download Attachment
Ankit Singhai Ankit Singhai
Reply | Threaded
Open this post in threaded view
|

Re: Certificate upgrade in Ignite Cluster

Hi,
I meant tls/ssl=on.

On Fri, May 10, 2019, 12:23 Nikolay Izhikov <[hidden email]> wrote:
Hello, Ankit.

Please, clarify, what do you mean by "secure mode"?

В Чт, 09/05/2019 в 05:33 -0700, Ankit Singhai пишет:
> Hello,
> We are running Ignite Cluster with 3 servers and 10 client nodes in secure
> mode. Now as the certificate is going to expire, how can we configure the
> new certificate without taking any down time?
>
> Thanks,
> Ankit Singhai
>
>
>
> --
> Sent from: http://apache-ignite-users.70518.x6.nabble.com/
ilya.kasnacheev ilya.kasnacheev
Reply | Threaded
Open this post in threaded view
|

Re: Certificate upgrade in Ignite Cluster

Hello!

Can your new certificate be read with your existing trust store? If it can, you can just stop nodes one by one, bring them back with revised certificate.

If it can't, first you have to push trust store to all nodes in the same fashion, which will contain trusts for both new and old certificates while you transition.

Regards,
--
Ilya Kasnacheev


пт, 10 мая 2019 г. в 10:37, ANKIT SINGHAI <[hidden email]>:
Hi,
I meant tls/ssl=on.

On Fri, May 10, 2019, 12:23 Nikolay Izhikov <[hidden email]> wrote:
Hello, Ankit.

Please, clarify, what do you mean by "secure mode"?

В Чт, 09/05/2019 в 05:33 -0700, Ankit Singhai пишет:
> Hello,
> We are running Ignite Cluster with 3 servers and 10 client nodes in secure
> mode. Now as the certificate is going to expire, how can we configure the
> new certificate without taking any down time?
>
> Thanks,
> Ankit Singhai
>
>
>
> --
> Sent from: http://apache-ignite-users.70518.x6.nabble.com/