Re-read the server certificate without dropping connections

Scripts to manage certificates or generate config files
alkanvpn
OpenVpn Newbie
Posts: 4
Joined: Thu Dec 24, 2020 2:24 pm

Re-read the server certificate without dropping connections

Post by alkanvpn » Thu Dec 24, 2020 2:38 pm

Hi all,

I have a use-case where the server certificate and key need to change more frequently than usual.

Is there any way to "soft-reload" an openvpn server service to reread the certificate without dropping the existing connections? As far as I read from the documentation, the SIGUSR1 signal wouldn't close/reopen the tun/tap interface, but do you think it would do the trick?

Thanks and merry Christmas!

TinCanTech
OpenVPN Protagonist
Posts: 9040
Joined: Fri Jun 03, 2016 1:17 pm

Re: Re-read the server certificate without dropping connections

Post by TinCanTech » Thu Dec 24, 2020 2:49 pm

Dream on .. :lol:

alkanvpn
OpenVpn Newbie
Posts: 4
Joined: Thu Dec 24, 2020 2:24 pm

Re: Re-read the server certificate without dropping connections

Post by alkanvpn » Thu Dec 24, 2020 2:58 pm

That bad? I thought I could work something out ;(

If I were to write a patch, do you think it would be difficult to read the cert into memory and use it for new connections while maintaining the old connections on the old cert?

Pippin
Forum Team
Posts: 981
Joined: Wed Jul 01, 2015 8:03 am

Re: Re-read the server certificate without dropping connections

Post by Pippin » Thu Dec 24, 2020 3:05 pm

You can first discuss this on the developers mailing list.
Subscribe here:
https://sourceforge.net/projects/openvp ... nvpn-devel

alkanvpn
OpenVpn Newbie
Posts: 4
Joined: Thu Dec 24, 2020 2:24 pm

Re: Re-read the server certificate without dropping connections

Post by alkanvpn » Thu Dec 24, 2020 3:26 pm

Pippin wrote:
Thu Dec 24, 2020 3:05 pm
You can first discuss this on the developers mailing list.
Subscribe here:
https://sourceforge.net/projects/openvp ... nvpn-devel
Thanks!

TinCanTech
OpenVPN Protagonist
Posts: 9040
Joined: Fri Jun 03, 2016 1:17 pm

Re: Re-read the server certificate without dropping connections

Post by TinCanTech » Thu Dec 24, 2020 3:45 pm

Before you start bothering the developers with this .. please describe your use case.
