2 Replies Latest reply on Jul 31, 2020 3:26 PM by jariola

Reload SSL certificate without restarting ORDS standalone

jariola Jul 31, 2020 10:05 AM

I'm using ORDS 20.2.

As I understand SSL certificate file is read only when ORDS standalone is started.

If you need change certificate, e.g. case of renew, is there way read new certificate without restarting ORDS?

Because restarting whole ORDS isn't so fast and causes break for end users.

1. Re: Reload SSL certificate without restarting ORDS standalone

EJ-Egyed Jul 31, 2020 12:45 PM (in response to jariola)

Since the SSL configuration is set up by application container, that is what would need to support a new certificate. Right now I don't believe Jetty (standalone) or Tomcat support having a certificate reloaded without restarting the server. Oracle WebLogic does seem to have some functionality named "Restart SSL" which has this functionality (https://docs.oracle.com/middleware/12212/wls/WLACH/taskhelp/security/RestartSSL.html ).

To minimize the disruption to your users, you can put the new configuration in place then have the web server restarted in the middle of the night, off-hours, or maintenance hours.
1 person found this helpful
Like Show 0 Likes(0)

Actions
2. Re: Reload SSL certificate without restarting ORDS standalone

jariola Jul 31, 2020 3:26 PM (in response to EJ-Egyed)

Thanks.
I'm not sure, but I think there is feature in Jetty to reload certificate
https://github.com/eclipse/jetty.project/issues/918

Just that I don't have any experience with Jetty, I don't know how do it or is it possible with ORDS standalone
Like Show 0 Likes(0)

Actions