[#MXS-3197] Ability to refresh SSL certificates without MaxScale restart

[MXS-3197] Ability to refresh SSL certificates without MaxScale restart Created: 2020-09-17 Updated: 2020-09-18 Resolved: 2020-09-18
Status:	Closed
Project:	MariaDB MaxScale
Component/s:	N/A
Affects Version/s:	None
Fix Version/s:	N/A

Type:

New Feature

Priority:

Major

Reporter:

Daniel Almeida (Inactive)

Assignee:

Unassigned

Resolution:

Duplicate

Votes:

Labels:

None

Issue Links:

Duplicate
duplicates	~~MXS-3128~~	Cannot refresh SSL Certificates witho...	Closed
Relates
relates to	~~MDEV-16266~~	Ability to Refresh SSL Cert / CRL Wit...	Closed

Description

Currently there is no way in MaxScale to refresh ssl certificates with new ones. In MariaDB, whenever a new ssl certificate is refreshed, we can just issue a flush ssl command, and this will take care of it.
In order for MaxScale to be updated with the new certs, a service restart of maxscale is required.
I did some investigation and found this capability was added to MariaDB at the end of 2018. Could this same concept be implemented in MaxScale?

Here's the MariaDB feature request for this same issue, which has already been addressed and it works.

Comments

Comment by Greg Smith [ 2020-09-17 ]

Now that Apple has required a 1 year life to certificates, we will have to start updating our ssl certs with more regularity. It would be best if MaxScale had the same functionality as MariaDB that would allow you to update/refresh the SSL certificates from maxctrl without having to restart the service.

Comment by markus makela [ 2020-09-18 ]

Duplicate of ~~MXS-3128~~.

Generated at Thu Feb 08 04:19:39 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MXS-3197] Ability to refresh SSL certificates without MaxScale restart Created: 2020-09-17 Updated: 2020-09-18 Resolved: 2020-09-18