[MDEV-16266] Ability to Refresh SSL Cert / CRL Without Server Restart - Jira

XML

Word

Printable

Details

Type: Task
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Fix Version/s: 10.4.1
Component/s: Server, SSL
Labels:
- ssl

Description

Background

When we need to update server SSL certs for renewal, we have to restart the mariadb server. This can be problematic for production servers where we do not frequently restart the service. This is particularly acute when using short-lived certs such as those provided by LetsEncrypt.

Cert Renewals will be less disruptive it is is possible to issue a command to mariadb server to make the server reload the server certificate and/or CRL, as needed.

A similar case is open for MySQL (refer: https://bugs.mysql.com/bug.php?id=75404), but does not appear to have gained traction.

Acceptance Criteria

Ability added to flush server SSL certificates, without requiring a server restart.
Ability added to flush server CRL, without requiring server restart.

Raised this as a task, as I can't raise it as a feature request...
Thanks.

Attachments

Issue Links

relates to

MDEV-19168 mysqladmin implement --flush-ssl

Closed

MDEV-19341 Make reloadable TLS system variables dynamic

Closed

MXS-3128 Cannot refresh SSL Certificates without a restart

Closed

MXS-3197 Ability to refresh SSL certificates without MaxScale restart

Closed

CONJ-670 MariaDB java connector ability to Refresh SSL certificate

Closed

Activity

People

Assignee:: Vladislav Vaintroub

Reporter:: Stephen Hames

Votes:: 1 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 2018-05-23 16:45

Updated:: 2023-01-16 12:49

Resolved:: 2018-12-12 21:59

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.