Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-16266

Ability to Refresh SSL Cert / CRL Without Server Restart

Details

    Description

      Background

      When we need to update server SSL certs for renewal, we have to restart the mariadb server. This can be problematic for production servers where we do not frequently restart the service. This is particularly acute when using short-lived certs such as those provided by LetsEncrypt.

      Cert Renewals will be less disruptive it is is possible to issue a command to mariadb server to make the server reload the server certificate and/or CRL, as needed.

      A similar case is open for MySQL (refer: https://bugs.mysql.com/bug.php?id=75404), but does not appear to have gained traction.

      Acceptance Criteria

      • Ability added to flush server SSL certificates, without requiring a server restart.
      • Ability added to flush server CRL, without requiring server restart.

      Raised this as a task, as I can't raise it as a feature request...
      Thanks.

      Attachments

        Issue Links

          relates to

          Task - A task that needs to be done. MDEV-19168 mysqladmin implement --flush-ssl

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Task - A task that needs to be done. MDEV-19341 Make reloadable TLS system variables dynamic

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. MXS-3128 Cannot refresh SSL Certificates without a restart

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. MXS-3197 Ability to refresh SSL certificates without MaxScale restart

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. CONJ-670 MariaDB java connector ability to Refresh SSL certificate

          • Major - Major loss of function.
          • Closed

          Activity

            Ascending order - Click to sort in descending order
            bar Alexander Barkov added a comment - - edited

            Hi ralf.gebhardt, I can try. When is the deadline?

            bar Alexander Barkov added a comment - - edited Hi ralf.gebhardt , I can try. When is the deadline?
            stephen.hames Stephen Hames added a comment -

            Thanks for adding this.

            It is much appreciated!

            stephen.hames Stephen Hames added a comment - Thanks for adding this. It is much appreciated!
            azurit azurit added a comment - - edited

            Could this be backported to older versoins? Ideally all up from 10.1 or at least 10.2. Thanks.

            azurit azurit added a comment - - edited Could this be backported to older versoins? Ideally all up from 10.1 or at least 10.2. Thanks.

            People

              wlad Vladislav Vaintroub
              stephen.hames Stephen Hames
              Votes:
              1 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.