Server Administration
EMS supports multiple methods for administering your server-group. For more details, see the When You First Start tibemsadmin topic and Using the EMS Administration Tool topic in TIBCO Enterprise Message Service™ User Guide.
Your EMS server-group is configured with FTL Stores, which has some impact on your administration options. For more details, see FTL Stores.
Changing the EMS Server SSL Certificate
EMS does not support changing of the EMS server TLS certificate through tibemsadmin
or the Java Admin API. To supply your own TLS certificate in place of the sample certificate used by default, perform the following steps:
- Procedure
- To create a Kubernetes file secret called $EMS_NAME-certs containing them, save all the necessary certificate files in a local certs directory and then run the following command :
kubectl create secret generic $EMS_NAME-certs --from-file=./certs
The EMS server pods mount and place the certificate files in the/data/certs/
subdirectory of each pod after restarting the server. - After the new certificate files are placed inside the pods, update the server TLS properties by using the tibemsjson2ftl tool. You must update
ssl_server_identity
,ssl_server_key
, andssl_server_passphrase
. - To customize an EMS server certificate, run the following command:
kubectl exec -it $EMS_NAME-ems-0
cd /logs
export jsonUpdate=my.tibemsd.json
LD_LIBRARY_PATH=/opt/tibco/ftl/current-version/lib/ tibemsjson2ftl -url "$FTL_REALM_URL" -json $jsonUpdate -download
vi $jsonUpdate
Modify the ssl_* settings, and save
LD_LIBRARY_PATH=/opt/tibco/ftl/current-version/lib/ tibemsjson2ftl -url "$FTL_REALM_URL" -json $jsonUpdate
Delete the standby pods
kubectl delete pod/$EMS_NAME-ems-<0|1|2>
kubectl delete pod/$EMS_NAME-ems-<0|1|2>
Delete the active pod
kubectl delete pod/$EMS_NAME-ems-<0|1|2>