
Re: Q: Renewing certificates online



On 10/2/18 3:49 PM, Howard Chu wrote:
> Ulrich Windl wrote:
>> I have a question: I updated the contents of certificate and key
>> file (same location and file name) while slapd was running. Is it
>> expected that slapd will recognize (and use) the new certificates,
>> or is a restart or reload needed? Our certificates will expire
>> soon...
>
> slapd or OpenSSL won't see them automatically. But if you modify the olcTLSCertificateFile in cn=config it will get reloaded.
> Otherwise you must restart.

Besides monitoring cert validity I've added a check to my monitoring
script which alarms if a newer slapd.conf or newer TLS files are there
and slapd needs to be restarted. It determines the path names via
back-config - which might sound strange to some of you I know. ;-)

https://pypi.org/project/slapdcheck/

Currently it only generates check_mk output.

Ciao, Michael.
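
One way to implement the "newer TLS files than the running slapd" check described above, as an added example (not code from slapdcheck or from the original message). It assumes Linux /proc, takes the slapd PID and the file paths as arguments instead of reading them from back-config, and uses a hypothetical service name:

```python
import os
import sys

def parse_starttime_ticks(stat_line):
    """Field 22 (starttime, in clock ticks since boot) of /proc/<pid>/stat."""
    # Field 2 (comm) is parenthesised and may itself contain spaces or ')',
    # so cut at the LAST ')' before splitting the remaining fields.
    rest = stat_line.rsplit(")", 1)[1].split()
    return int(rest[19])  # rest[0] is field 3, so field 22 is rest[19]

def process_start_epoch(pid):
    """Linux only: wall-clock start time of a process, read from /proc."""
    with open("/proc/stat") as f:
        btime = next(int(l.split()[1]) for l in f if l.startswith("btime "))
    with open(f"/proc/{pid}/stat") as f:
        ticks = parse_starttime_ticks(f.read())
    return btime + ticks / os.sysconf("SC_CLK_TCK")

def files_newer_than(paths, start_epoch):
    """Paths whose mtime is later than the moment the daemon started."""
    newer = []
    for path in paths:
        try:
            if os.stat(path).st_mtime > start_epoch:
                newer.append(path)
        except OSError:
            pass  # missing/unreadable file: report that in a separate check
    return newer

def check_mk_line(newer, service="slapd_tls_files"):  # service name is hypothetical
    """Local-check line: '<status> <service> <metrics> <text>', 1 = WARN."""
    if newer:
        return f"1 {service} - restart needed, newer on disk: {', '.join(newer)}"
    return f"0 {service} - loaded TLS files are current"

if __name__ == "__main__":
    # usage: script.py <slapd-pid> <cert-file> <key-file> [<ca-file> ...]
    pid, paths = int(sys.argv[1]), sys.argv[2:]
    print(check_mk_line(files_newer_than(paths, process_start_epoch(pid))))
```

An mtime comparison misses a file installed with its old timestamp preserved (for example with `cp -p`), and it keeps warning after a reload triggered through cn=config, since the process start time does not change.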
