• State Verified Answer
  • Replies replies
    3
  • Subscribers subscribers
    180
  • Views views
    198
  • Users 0 members are here
Related
Options

Is it possible to 'reload' the UCMDB Server Truststore without restarting UCMDB?

Jim_Pooley

We have SSO configured between UCMDB and SMAX. Without wanting to get too bogged down in the detail, users access SMAX through a proxy with a CA cert, whereas UCMDB connects to SMAX internally and SMAX presents a self-signed cert, which was added to the UCMDB server.truststore.

The self-signed SMAX certificate recently expired and was replaced, however we are having issues accessing the Java Client because UCMDB doesn't appear to trust the certificate, despite it having been added to the truststore. 

Does anyone know, is it possible to get UCMDB to re-process the truststore without a UCMDB restart? We'll restart if we have to but would rather not if it can be avoided.
 

  • Verified Answer

    +1 Micro Focus Employee

    The keystore and truststore are loaded into memory when the JVM starts so you can't avoid a UCMDB service restart.

    This is the Java design AFAIK. If I am wrong then it's easy to test. Just add a new certificate in the trustore and without restarting then use a flow which needs that certificate. Theoretically the validation will check the truststore on the disk although I know that it will check it from the memory.
    Never tried this path. I always restarted the UCMDB service.

  • 0
    in reply to JohnCI

    Thanks for your response. I think that's kind of what I was getting at. It's already apparent that it doesn't read the truststore 'on the fly' as the new cert has already been added and it's not working.

    I was more after suggestion of whether there was a command or similar that could effectively reload the contents into memory without a full UCMDB restart, which is obviously service affecting.

    If a restart is the only way to go, it's by no means a show stopper and is something that's not going to occur too often, but it does mean it has to wait until a quiet time before it can be done. I'll write it into our plan for future but had been hoping for something more immediate in this instance.



  • 0 Micro Focus Employee
    in reply to Jim_Pooley

    Ack.

    My best suggestion is to check your logs to see if you have a fuse to increase or other reasons to restart the UCMDB service. Once you have enough reasons and an approved downtime then you can go for the restart.

    I presume you added the certificate and you can see it using Keytool or something similar.

Resources

Support
Documentation
Training
CyberRes Academy
Partner Portal
Contact us
Compliance
Help
Company
Privacy Policy
Terms of Use
Accessibility
Anti-Slavery Statement
Support
How To Buy
Careers
Investor Relations
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.