RDBTC-179 Emergency Access to RavenDB #2231
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gregolsky
reviewed
Jan 15, 2026
Comment on lines
16
to
19
| If your RavenDB instance connection is lost in the following situations: | ||
| - The certificate expired and was not renewed | ||
| - The certificate was deleted | ||
| - You were authenticating with a 2EKU server certificate, and it was renewed with 1EKU [(context)](https://ravendb.net/articles/ravendb-global-changes-in-lets-encrypt) |
Member
There was a problem hiding this comment.
I think we need to explicitly mention it's about the Client Certificate
gregolsky
reviewed
Jan 15, 2026
|
|
||
| - use an existing, non-expired one | ||
| - contact your system administrator to generate one for you | ||
| - generate a new self-signed certificate (example below) |
Member
There was a problem hiding this comment.
Suggested change
| - generate a new self-signed certificate (example below) | |
| - generate a new self-signed certificate yourself (example below) |
gregolsky
reviewed
Jan 15, 2026
|
|
||
| You will need to connect directly to the server environment where Raven.Server process is running. | ||
|
|
||
| We need to send the new certificate to the production environment - so it's "reachable" for the `rvn` executable, which is located inside your RavenDB distribution package. |
Member
There was a problem hiding this comment.
Suggested change
| We need to send the new certificate to the production environment - so it's "reachable" for the `rvn` executable, which is located inside your RavenDB distribution package. | |
| We need make the new certificate accessible by RavenDB through the file system - so that it's "reachable" for the `rvn` executable, which is located inside your RavenDB distribution package. |
gregolsky
reviewed
Jan 15, 2026
|
|
||
| We need to send the new certificate to the production environment - so it's "reachable" for the `rvn` executable, which is located inside your RavenDB distribution package. | ||
|
|
||
| You can use `scp`, copy via remote desktop (rdp), or any other relevant method. |
Member
There was a problem hiding this comment.
Suggested change
| You can use `scp`, copy via remote desktop (rdp), or any other relevant method. | |
| You can use `scp`, copy via remote desktop (RDP), or any other relevant method. |
gregolsky
reviewed
Jan 15, 2026
| e.g. | ||
|
|
||
| ```bash | ||
| scp certs/client.pfx user@my-server:/path/to/ravendb/RavenDB/Server/ |
Member
There was a problem hiding this comment.
I would not advise to put that cert in the server directory. Just home dir would do
gregolsky
reviewed
Jan 15, 2026
|
|
||
| Go to the directory where you have extracted/installed RavenDB, and run the `rvn` tool with `admin-channel` command. | ||
|
|
||
| The `rvn admin-channel` will connect directly to the local RavenDB server process using IPC pipe. |
Member
There was a problem hiding this comment.
Suggested change
| The `rvn admin-channel` will connect directly to the local RavenDB server process using IPC pipe. | |
| The `rvn admin-channel` will connect directly to the local RavenDB server process using IPC. |
|
|
||
| The `rvn admin-channel` will connect directly to the local RavenDB server process using IPC pipe. | ||
|
|
||
| Once you're connected, use `trustClientCert` command. |
Contributor
There was a problem hiding this comment.
Should we specify parameters for this command?
hiddenshadow21
approved these changes
Jan 15, 2026
gregolsky
approved these changes
Jan 15, 2026
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
https://issues.hibernatingrhinos.com/issue/RDBTC-179/Emergency-Access-to-RavenDB