Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-16266

Ability to Refresh SSL Cert / CRL Without Server Restart

    Details

      Description

      Background

      When we need to update server SSL certs for renewal, we have to restart the mariadb server. This can be problematic for production servers where we do not frequently restart the service. This is particularly acute when using short-lived certs such as those provided by LetsEncrypt.

      Cert Renewals will be less disruptive it is is possible to issue a command to mariadb server to make the server reload the server certificate and/or CRL, as needed.

      A similar case is open for MySQL (refer: https://bugs.mysql.com/bug.php?id=75404), but does not appear to have gained traction.

      Acceptance Criteria

      • Ability added to flush server SSL certificates, without requiring a server restart.
      • Ability added to flush server CRL, without requiring server restart.

      Raised this as a task, as I can't raise it as a feature request...
      Thanks.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                wlad Vladislav Vaintroub
                Reporter:
                stephen.hames Stephen Hames
              • Votes:
                1 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: