From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
---|---|
To: | raf <raf(at)raf(dot)org>, pgsql-admin(at)postgresql(dot)org |
Subject: | Re: How to change the TLS certificate/key without restarting the server? |
Date: | 2019-11-09 09:19:29 |
Message-ID: | 6585cec4-bbb3-7d91-8799-f289deb58c22@2ndquadrant.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
On 2019-10-17 07:20, raf wrote:
> https://www.postgresql.org/docs/12/ssl-tcp.html says:
>
> "Using a passphrase also disables the ability to
> change the server's SSL configuration without a
> server restart."
This is actually no longer true since PostgreSQL 11. I have committed a
fix.
> How is key TLS key changed without a server restart?
> Is replacing the server.crt/server.key files enough
> or is there more to it?
You need to issue a reload, for example using SIGHUP. That is supported
since PostgreSQL 10.
> And will existing connections continue to use the old
> key until they disconnect?
yes
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
From | Date | Subject | |
---|---|---|---|
Next Message | Ekaterina Amez | 2019-11-11 09:12:48 | Strategy for upgrade highly used server |
Previous Message | pradeep pandey | 2019-11-08 19:59:42 | Help Needed for pgbench with retry option |