Hi all,
I have a use-case where the server certificate and key need to change more frequently than usual.
Is there any way to "soft-reload" an OpenVPN server service to reread the certificate without dropping the existing connections? As far as I read from the documentation, the SIGUSR1 signal wouldn't close/reopen the tun/tap interface, but do you think it would do the trick?
Thanks and merry Christmas!
Re-read the server certificate without dropping connections
-
- OpenVpn Newbie
- Posts: 4
- Joined: Thu Dec 24, 2020 2:24 pm
- TinCanTech
- OpenVPN Protagonist
- Posts: 8374
- Joined: Fri Jun 03, 2016 1:17 pm
-
- OpenVpn Newbie
- Posts: 4
- Joined: Thu Dec 24, 2020 2:24 pm
Re: Re-read the server certificate without dropping connections
That bad? I thought I could work something out ;(
If I were to write a patch, do you think it would be difficult to read the cert into memory and use it for new connections while maintaining the old connections on the old cert?
- Pippin
- Forum Team
- Posts: 957
- Joined: Wed Jul 01, 2015 8:03 am
Re: Re-read the server certificate without dropping connections
You can first discuss this on the developers mailing list.
Subscribe here:
https://sourceforge.net/projects/openvp ... nvpn-devel
-
- OpenVpn Newbie
- Posts: 4
- Joined: Thu Dec 24, 2020 2:24 pm
Re: Re-read the server certificate without dropping connections
Pippin wrote: ↑Thu Dec 24, 2020 3:05 pm
You can first discuss this on the developers mailing list.
Subscribe here:
https://sourceforge.net/projects/openvp ... nvpn-devel

Thanks!
- TinCanTech
- OpenVPN Protagonist
- Posts: 8374
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Re-read the server certificate without dropping connections
Before you start bothering the developers with this .. please describe your use case.