[openssl-users] certificate renewal without restarting processes

Daniel Pocock daniel at pocock.pro
Thu May 25 14:13:21 UTC 2017


Hi,

The reSIProcate project is using OpenSSL to load[1] certificates and
private keys.

It uses SSL_CTX_use_certificate_chain_file in some places and in other
places it uses PEM_read_bio_X509.

When these APIs are used, can the OpenSSL stack detect updated files on
disk and reload them without any intervention from the application?

If not, is there any alternative API function that can do that?

If it can't be done within OpenSSL, what is the right way for the
application developer to go about it?  Can those methods simply be
called again when a file has been updated, or is any cleanup needed
before trying to load the new cert?

Regards,

Daniel



1. https://github.com/resiprocate/resiprocate/blob/master/resip/stack/ssl/Security.cxx#L386

