Re-read the server certificate without dropping connections

alkanvpn · Post by **alkanvpn** » Thu Dec 24, 2020 2:38 pm

Hi all,

I have a use-case where the server certificate and key need to change more frequent than usual.

Is there any way to "soft-reload" an openvpn server service to reread the certificate without dropping the existing connections? As far as I read from the documentation, the SIGUSR1 signal wouldnt close/reopen the tun/tap interface but do you think it would do the trick?

Thanks and merry Christmas!

TinCanTech · Post by **TinCanTech** » Thu Dec 24, 2020 2:49 pm

Dream on ..

alkanvpn · Post by **alkanvpn** » Thu Dec 24, 2020 2:58 pm

that bad? I thought I could work something out ;(

If I were to write a patch, do you think it would be difficult to read the cert into memory and use it for new connections while maintaining the old connections on the old cert?

Post by **Pippin** » Thu Dec 24, 2020 3:05 pm

You can first discus this on the developers mailing list.
Subscribe here:
https://sourceforge.net/projects/openvp ... nvpn-devel

alkanvpn · Post by **alkanvpn** » Thu Dec 24, 2020 3:26 pm

Pippin wrote: ↑
Thu Dec 24, 2020 3:05 pm
You can first discus this on the developers mailing list.
Subscribe here:
https://sourceforge.net/projects/openvp ... nvpn-devel

Thanks!

TinCanTech · Post by **TinCanTech** » Thu Dec 24, 2020 3:45 pm

Before you start bothering the developers with this .. please describe your use case.

OpenVPN Support Forum

Re-read the server certificate without dropping connections

Re-read the server certificate without dropping connections

Re: Re-read the server certificate without dropping connections

Re: Re-read the server certificate without dropping connections

Re: Re-read the server certificate without dropping connections

Re: Re-read the server certificate without dropping connections

Re: Re-read the server certificate without dropping connections