[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: slapd and LetsEncrypt certificates: does a cert renewal necessitate a server restart?
- To: Jean-Francois Malouin <Jean-Francois.Malouin@bic.mni.mcgill.ca>
- Subject: Re: slapd and LetsEncrypt certificates: does a cert renewal necessitate a server restart?
- From: Olivier <Olivier.Nicole@cs.ait.ac.th>
- Date: Tue, 10 Sep 2019 10:24:52 +0700
- Cc: openldap-technical@openldap.org
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.ait.ac.th; h= content-type:content-type:mime-version:message-id:date:date :in-reply-to:subject:subject:from:from:received:received :received; s=selector1; t=1568085895; x=1569900296; bh=AUl9l36je 896zU12xMVgoPMxGeJZ1hE4YoetNtDn4KY=; b=aNusoEu6Z+2XIlCuOU1jea0Ej M6HjLO7sKnDL3AA8RJk+aeyRmg5Krk511AxBIGUVTnzbbf5TuKuIDKJddZP+eQNT howAVVkaMWl6QYBjtc3cZZFHpFttAoUqCOAuXUhV6MP3yRzuADAp2zBSjiFc5Bvd 4Ca8RpWM/pv7C9kGFg=
- In-reply-to: <20190909170445.GA17471@bic.mni.mcgill.ca> (message from Jean-Francois Malouin on Mon, 9 Sep 2019 13:04:45 -0400)
Jean-Francois Malouin <Jean-Francois.Malouin@bic.mni.mcgill.ca> writes:
> As the subject say, I'm contemplating the use of LetsEncrypt TLS certificates.
> Is there a way to make slapd aware of a cert renewal (they happen every 90
> days) without restarting it, ie, with minimal service interruption?
I *do* restart slapd after I installed the new Let's Encrypt
certificate.
I doubt there are any other way to make LDAp server aware of the
certificate change. And this is a 20 seconds interruption, nothing worth
mentioning (or you are a big organization, then you have redundant LDAP
servers and you would upgrade one at a time so it should be transparent
to your users).
Best regards,
Olivier
>
> thanks,
> jf
>
>
--