Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-16266

Ability to Refresh SSL Cert / CRL Without Server Restart

    XMLWordPrintable

    Details

      Description

      Background

      When we need to update server SSL certs for renewal, we have to restart the mariadb server. This can be problematic for production servers where we do not frequently restart the service. This is particularly acute when using short-lived certs such as those provided by LetsEncrypt.

      Cert Renewals will be less disruptive it is is possible to issue a command to mariadb server to make the server reload the server certificate and/or CRL, as needed.

      A similar case is open for MySQL (refer: https://bugs.mysql.com/bug.php?id=75404), but does not appear to have gained traction.

      Acceptance Criteria

      • Ability added to flush server SSL certificates, without requiring a server restart.
      • Ability added to flush server CRL, without requiring server restart.

      Raised this as a task, as I can't raise it as a feature request...
      Thanks.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              wlad Vladislav Vaintroub
              Reporter:
              stephen.hames Stephen Hames
              Votes:
              1 Vote for this issue
              Watchers:
              8 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: