Hi all,
I have a use-case where the server certificate and key need to change more frequently than usual.
Is there any way to "soft-reload" an openvpn server service to reread the certificate without dropping the existing connections? As far as I read from the documentation, the SIGUSR1 signal wouldn't close/reopen the tun/tap interface, but do you think it would do the trick?
Thanks and merry Christmas!
Re-read the server certificate without dropping connections
Moderators: TinCanTech
-
- OpenVpn Newbie
- Posts: 4
- Joined: Thu Dec 24, 2020 2:24 pm
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
-
- OpenVpn Newbie
- Posts: 4
- Joined: Thu Dec 24, 2020 2:24 pm
Re: Re-read the server certificate without dropping connections
that bad? I thought I could work something out ;(
If I were to write a patch, do you think it would be difficult to read the cert into memory and use it for new connections while maintaining the old connections on the old cert?
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: Re-read the server certificate without dropping connections
You can first discuss this on the developers mailing list.
Subscribe here:
https://sourceforge.net/projects/openvp ... nvpn-devel
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
-
- OpenVpn Newbie
- Posts: 4
- Joined: Thu Dec 24, 2020 2:24 pm
Re: Re-read the server certificate without dropping connections
Thanks!
Pippin wrote: ↑Thu Dec 24, 2020 3:05 pm
You can first discuss this on the developers mailing list.
Subscribe here:
https://sourceforge.net/projects/openvp ... nvpn-devel
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Re-read the server certificate without dropping connections
Before you start bothering the developers with this .. please describe your use case.