[rabbitmq-discuss] Does Certificate updation requires server bounce?

Tim Watson tim at rabbitmq.com
Mon Dec 30 15:21:32 GMT 2013


On 29 Dec 2013, at 07:16, k.madnani84 wrote:
> Suppose i have a rabbitMQ with ssl support enabled.If i Modify any of the
> certificates(root or server) or key do i need to bounce back the server to
> bring it to effect?

RabbitMQ reads its configuration file just once at startup, so changing the path to any certificates (if that's what you're asking about) will not take effect unless the server is restarted. If you're asking about making physical changes to the cert file(s) once the server is running, then I'm not sure what the answer is here. Having briefly looked at erlang's ssl application, some caching of certificates does appear to be taking place, but there are several components at work so so I'm not 100% certain. It appears that the runtime trusted certificates database used by the ssl application uses an MD5 hash of the cert file to determine whether or not a new trusted cert entry is required when initialising a new ssl connection, but what the actual effect will be (of changing a file whilst the server is running) I couldn't say right now without further investigation.


More information about the rabbitmq-discuss mailing list