Re-read the server certificate without dropping connections

Posted: Thu Dec 24, 2020 2:38 pm
by alkanvpn
Hi all,

I have a use-case where the server certificate and key need to change more frequently than usual.

Is there any way to "soft-reload" an OpenVPN server service to reread the certificate without dropping the existing connections? As far as I read from the documentation, the SIGUSR1 signal wouldn't close/reopen the tun/tap interface, but do you think it would do the trick?

Thanks and merry Christmas!

Re: Re-read the server certificate without dropping connections

Posted: Thu Dec 24, 2020 2:49 pm
by TinCanTech
Dream on .. :lol:

Re: Re-read the server certificate without dropping connections

Posted: Thu Dec 24, 2020 2:58 pm
by alkanvpn
That bad? I thought I could work something out ;(

If I were to write a patch, do you think it would be difficult to read the cert into memory and use it for new connections while maintaining the old connections on the old cert?

Re: Re-read the server certificate without dropping connections

Posted: Thu Dec 24, 2020 3:05 pm
by Pippin
You can first discuss this on the developers mailing list.
Subscribe here:
https://sourceforge.net/projects/openvp ... nvpn-devel

Re: Re-read the server certificate without dropping connections

Posted: Thu Dec 24, 2020 3:26 pm
by alkanvpn
Pippin wrote:
Thu Dec 24, 2020 3:05 pm
You can first discuss this on the developers mailing list.
Subscribe here:
https://sourceforge.net/projects/openvp ... nvpn-devel
Thanks!

Re: Re-read the server certificate without dropping connections

Posted: Thu Dec 24, 2020 3:45 pm
by TinCanTech
Before you start bothering the developers with this .. please describe your use case.