Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

GRPC server restarts with new PID after SSL certificate is changed

0

0

Article ID: KB36817 KB Last Updated: 13 Sep 2021Version: 1.0
Summary:

After SSL certificate is changed under the GRPC configuration, the GRPC server needs to restart. A syslog message will then confirm the restart with a new PID.

Symptoms:

The GRPC server restarts on Junos after SSL certificate rotation.

Solution:
  1. Initial configuration for GRPC:

    system {
    services {
    extension-service {
                request-response {
                    grpc {
                        ssl {
                            address 117.1.1.1;
                            port 18100;
                            local-certificate local-cert-1;   <--- Existing certificate
                        }
                        max-connections 4;
                    }
                }
            }
  2. SSL certificate is rotated and the new GRPC configuration is changed:

    system {
    services {
    extension-service {
                request-response {
                    grpc {
                        ssl {
                            address 117.1.1.1;
                            port 18100;
                            local-certificate local-cert-2;   <--- New certificate
                        }
                        max-connections 4;
                    }
                }
            }
  3. Once the certificate is changed, the GRPC server process on the router will restart in order for the new certificate to take into effect. The following message will appear:

    Feb 12 08:00:54.399  router-r1 jsd[703]: %DAEMON-1-JSD_RESTART_ON_CONFIG_CHANGE: Grpc Server will restart for config changes to take effect
  4. Since the JSD restarted, the PID for it will change too:

    user@router-r1# run show system processes extensive | match jsd       
    703 root      20    0   744M 20808K select  1   0:30   0.00% jsd <-- This is the PID before the certification rotation 


    user@router-r1# run show system processes extensive | match jsd   
    17686 root      20    0   744M 20808K select  1   0:30   0.00% jsd <-- This is the PID after certification rotation
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search