Mircea wrote: >Subject: Re: [sipX-dev] Adding new Certificate Authorities > >On Tue, Jan 12, 2010 at 3:43 PM, Paul Mossman ><[email protected]> wrote: >> Mircea wrote: >>> <[email protected]> wrote: >>> > After adding a new CA the user is prompted with: >>> > "Keystores/TrustStore changed: Server Restart Needed" >>> > I tried a "Send Proflie" on the Servers page and the >Server Restart >>> > prompt persisted. >>> > In order to clear the restart message I had to type "Reboot" from >>> > command line an SSH shell (or power off/on the server) thus >>> losing all >>> > services during the reboot cycle. >>> > Is this intent or a bug? >>> >>> This is the intent. The Java Virtual Machine (JVM), where the Jetty >>> Server runs needs to be restarted in order to load the newly >>> imported certificate. >>> Probably, there is no need to restart other sipXecs >services, but the >>> Jetty web server (where sipXconfig code runs) needs to be restarted >> >> Won't any service that uses the CA need to be restarted? i.e. Also >> sipXproxy and sipXbridge. (Others?) > >I think that Scott suggested once that only java based >services would need restart. This is something particular with >Java Virtual Machine. >Services based on C/C++ do not require restart - they can >directly read the content of the certificate directory (Scott, >please let us know if this is correct. My assumption is based >on: http://list.sipfoundry.org/archive/sipx-dev/msg21195.html) > I'm not Scott but that it correct. The restarting is required for Java based only as they load the Keystore and Truststore at startup. I've been trying to find a way to have it reload the Keystore and Trustore but haven't figured out if its possible or not.
>Anyway, you may be right about sipXbridge (it is java based). >Ranga, what do you think? sipXbridge is java based. >> >> >>> Probably will be enough to run something like: >>> /usr/local/sipx/bin/sipxproc --restart ConfigServer >>> >>> I can add a nice improvement, to run this command from UI (use the >>> waiting page mechanism - the same mechanism used for >software update >>> or restore). The user will not notice that the config is down for a >>> while. >> >> I like the idea of using the waiting page mechanism, since the GUI >> will be non-functional while sipXconfig restarts. >> >> But, can you also change the resulting service restart >> prompt/invocation to use the standard mechanism: "One or >more services >> need to be restarted. For details click: here"? >> (RestartNeededServicesPage.html) >> >> This would make the new behaviour much more consistent. > >Yes, good idea, I can make use/improve the standard mechanism. >If among the services from the RestartNeededServicesPage, that >need to be restarted is also the ConfigServer, the WaitingPage >will come into picture. > >> >> >> -Paul >> [email protected] >> >> >> >> >_______________________________________________ >sipx-dev mailing list [email protected] List >Archive: http://list.sipfoundry.org/archive/sipx-dev >Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev >sipXecs IP PBX -- http://www.sipfoundry.org/ > _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev sipXecs IP PBX -- http://www.sipfoundry.org/
