| From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
|---|---|
| To: | raf <raf(at)raf(dot)org>, pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: How to change the TLS certificate/key without restarting the server? |
| Date: | 2019-11-09 09:19:29 |
| Message-ID: | 6585cec4-bbb3-7d91-8799-f289deb58c22@2ndquadrant.com |
| Lists: | pgsql-admin |

On 2019-10-17 07:20, raf wrote:

> https://www.postgresql.org/docs/12/ssl-tcp.html says:
>
> "Using a passphrase also disables the ability to
> change the server's SSL configuration without a
> server restart."

This is actually no longer true since PostgreSQL 11. I have committed a
fix.

> How is the TLS key changed without a server restart?
> Is replacing the server.crt/server.key files enough
> or is there more to it?

You need to issue a reload, for example using SIGHUP. That is supported
since PostgreSQL 10.

> And will existing connections continue to use the old
> key until they disconnect?

Yes.

--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
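
The rotation discussed in this message, written out as a shell procedure. This is an added example, not part of the original message or of the PostgreSQL project: it checks that the new certificate and key belong together and that the key file mode is acceptable, swaps the files, reloads, and reads back the certificate a new connection is offered. It assumes the default file names server.crt/server.key under $PGDATA, an unencrypted key, and that it runs as the database OS user; the function names are hypothetical.

```bash
#!/bin/sh
# Added example. Assumptions: default server.crt/server.key in $PGDATA,
# run as the database OS user; all function names are hypothetical.

# Digest of the public key inside a certificate or private key file.
pubkey_digest() {  # $1 = cert|key, $2 = file
  local pub
  case "$1" in
    cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    *)    return 2 ;;
  esac || return 1
  printf '%s\n' "$pub" | openssl sha256
}

# The server refuses a key file with any group/other permission bits when
# the file is owned by the database user (0600 or stricter).
key_mode_ok() {
  local mode
  mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
  [ $(( 0$mode & 077 )) -eq 0 ]
}

# Validate first: a reload with broken files leaves the old certificate in use.
rotate_cert() {  # $1 = new certificate, $2 = new private key
  local c k
  c=$(pubkey_digest cert "$1") || { echo "cannot read certificate" >&2; return 1; }
  k=$(pubkey_digest key "$2")  || { echo "cannot read key" >&2; return 1; }
  [ "$c" = "$k" ] || { echo "certificate and key do not match" >&2; return 1; }
  key_mode_ok "$2" || { echo "key mode must be 0600 or stricter" >&2; return 1; }
  [ -d "${PGDATA:-}" ] || { echo "PGDATA is not set" >&2; return 1; }
  # Copy next to the live files, then rename (atomic within one filesystem).
  cp -p "$1" "$PGDATA/server.crt.new" && cp -p "$2" "$PGDATA/server.key.new" &&
    mv "$PGDATA/server.key.new" "$PGDATA/server.key" &&
    mv "$PGDATA/server.crt.new" "$PGDATA/server.crt" || return 1
  pg_ctl reload -D "$PGDATA"   # signals the postmaster with SIGHUP
}

# SHA-256 fingerprint of the certificate a NEW connection is offered.
served_fingerprint() {  # $1 = host:port
  openssl s_client -starttls postgres -connect "$1" </dev/null 2>/dev/null |
    openssl x509 -noout -fingerprint -sha256
}

# Usage: rotate_cert new.crt new.key && served_fingerprint localhost:5432
# Compare with: openssl x509 -in "$PGDATA/server.crt" -noout -fingerprint -sha256
```

Sessions opened before the reload keep the old certificate until they disconnect, so `served_fingerprint` reflects only what new connections receive.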