问题
Im using activeMQ as my messages server. In order to keep it secure between the server and the clients (producer/consumer), I added to the activemq.xml a ssl context section that tells the activemq when it starts, with which keystore and truststore file to use. In case the truststore has be updated with a new certifiate, I would like the activemq to reload the truststore without restart the broker itself. Is there any way t do it? I found something similer in the link below but I don't know this is what I need http://activemq.apache.org/runtime-configuration.html
回答1:
There is not a way to update the certificate without dropping all the client connections, which is effectively restarting it anyway.
Using the runtime-configuration wouldn't help with this configuration change in that you'd still have to drop client connections.
Having a failover broker (aka slave broker) or a network-of-brokers would help you in this case. You could upgrade the "other broker", then have clients failover to the updated one, then upgrade the original broker.
来源:https://stackoverflow.com/questions/54671347/activemq-ssl-reload-truststore-with-out-restart-broker