Re: slapd and LetsEncrypt certificates: does a cert renewal necessitate a server restart?
> Jean-Francois Malouin <Jean-Francois.Malouin@bic.mni.mcgill.ca> writes:
>> As the subject says, I'm contemplating the use of LetsEncrypt TLS certificates.
>> Is there a way to make slapd aware of a cert renewal (they happen every 90
>> days) without restarting it, i.e., with minimal service interruption?
> I *do* restart slapd after I installed the new Let's Encrypt
Use ldapmodify to set the new cert in cn=config. No restarts needed.
> I doubt there is any other way to make the LDAP server aware of the
> certificate change. And this is a 20 seconds interruption, nothing worth
> mentioning (or you are a big organization, then you have redundant LDAP
> servers and you would upgrade one at a time so it should be transparent
> to your users).
> Best regards,
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
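
The ldapmodify approach suggested above, sketched as a renewal-hook script; this is an added example, not part of the original message and not OpenLDAP project code. It sets certificate and key in a single modify request and refuses to apply a key that does not match the certificate. Assumptions: the function names and the RUN_TLS_UPDATE guard are hypothetical, the file paths are supplied by the caller, the files are readable by the account slapd runs as, and the calling user may modify cn=config over ldapi:/// with SASL EXTERNAL.

```shell
#!/bin/sh
# Added example: point a running slapd at renewed certificate files via cn=config.
# Paths, function names and the ldapi/EXTERNAL access are assumptions.

# Emit one LDIF modify record that sets certificate and key together.
build_tls_ldif() {
    cert=$1 key=$2
    cat <<EOF
dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: $cert
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: $key
EOF
}

# Succeed only if the private key belongs to the certificate.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Validate the files, then apply the change to the running slapd.
apply_tls_update() {
    cert=$1 key=$2
    [ -r "$cert" ] && [ -r "$key" ] || { echo "cert or key not readable" >&2; return 1; }
    key_matches_cert "$cert" "$key" || { echo "key does not match cert" >&2; return 1; }
    build_tls_ldif "$cert" "$key" | ldapmodify -Q -Y EXTERNAL -H ldapi:///
}

# Run only when explicitly requested, e.g. from a certificate renewal hook:
#   RUN_TLS_UPDATE=1 sh slapd-tls-update.sh <fullchain.pem> <privkey.pem>
if [ "${RUN_TLS_UPDATE:-0}" = 1 ]; then
    apply_tls_update "$1" "$2"
fi
```
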