Can Glacier2 reload SSL certificates at runtime?

jasonjones (Jason Jones) | Organization: Swansea University | Project: A Web-Based environment for performing Computational Fluid Dynamics | Member

I have a server running Glacier2 for long periods of time. I'm also using LetsEncrypt for my SSL certificates so they will get renewed every 60 days approximately. Is there a way to tell Glacier to load a new certificate without killing and restarting it? Maybe a SIGHUP? Or does it detect the file timestamp?

If not, how do I get over the problem of whenever the certificate is renewed the currently connected clients will get disconnected?

Thanks,

Jason

Answers

  • benoit (Benoit Foucher), Rennes, France | Organization: ZeroC, Inc. | Project: Ice | Administrators, ZeroC Staff

    Hi Jason,

    I'm afraid there's currently no easy way to get Glacier2 to reload the certificates besides restarting the process, which might indeed imply disconnecting the clients.

    If you use port forwarding for Glacier2, you could spawn a new instance running on another port and re-configure the firewall to forward the traffic to the new instance.

    If you're running Glacier2 on Linux and you know the OpenSSL APIs well, you could also consider implementing an Ice plugin that takes care of this. We do provide access to the OpenSSL SSL_CTX object through the IceSSL OpenSSL plugin API.

    In any case, we'll consider improving this for a future release!

    Cheers,
    Benoit.
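
The port-forwarding swap suggested in the answer above, sketched as an added example that is not part of the original thread and not ZeroC code. It assumes the firewall is iptables with a REDIRECT rule on the public port; the ports 4064/14064/14065 and the config path are hypothetical.

```shell
#!/bin/sh
# Constructed example: alternate two Glacier2 instances behind an iptables
# REDIRECT rule so a renewed certificate is picked up by a fresh process.
# All ports and the config path are assumptions, not values from the thread.
PUBLIC_PORT=4064                  # port clients connect to
PORT_A=14064                      # backend port, instance A
PORT_B=14065                      # backend port, instance B
CONFIG=/etc/glacier2/router.cfg   # hypothetical config file

# Read `iptables -t nat -S PREROUTING` output on stdin and print the backend
# port the public port is currently redirected to (empty if no rule exists).
current_port() {
    sed -n "s/.*--dport $PUBLIC_PORT .*--to-ports \([0-9][0-9]*\).*/\1/p" | head -n 1
}

# Print the backend port that is not in use ($1 = port in use, may be empty).
next_port() {
    if [ "$1" = "$PORT_A" ]; then echo "$PORT_B"; else echo "$PORT_A"; fi
}

# Print the commands for one swap ($1 = port in use, may be empty).
plan() {
    new=$(next_port "$1")
    # 1. Start a fresh instance; it reads the renewed certificate at startup.
    #    Wait until it is listening before applying the next command.
    echo "glacier2router --Ice.Config=$CONFIG --Glacier2.Client.Endpoints=\"ssl -p $new\" &"
    # 2. Send new connections to it. NAT rules are evaluated only for the first
    #    packet of a connection, so established sessions stay on the old instance.
    echo "iptables -t nat -I PREROUTING 1 -p tcp --dport $PUBLIC_PORT -j REDIRECT --to-ports $new"
    # 3. Remove the rule that pointed at the old instance, if there was one.
    if [ -n "$1" ]; then
        echo "iptables -t nat -D PREROUTING -p tcp --dport $PUBLIC_PORT -j REDIRECT --to-ports $1"
    fi
}

# Only touches the system when asked to; prints the plan, does not execute it.
if [ "${1:-}" = "--plan" ]; then
    plan "$(iptables -t nat -S PREROUTING | current_port)"
fi
```

Run it with `--plan` as root from the certificate renewal hook, review the printed commands, then pipe them to `sh`. Stop the old instance once its remaining sessions have ended.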
