[openssl-users] certificate renewal without restarting processes

Salz, Rich rsalz at akamai.com
Thu May 25 14:28:30 UTC 2017

> It uses SSL_CTX_use_certificate_chain_file in some places and in other places
> it uses PEM_read_bio_X509
> When these APIs are used, can the OpenSSL stack detect updated files on
> disk and reload them without any intervention from the application?

No, it's a load and use the current contents.

You can call them multiple times; the old content will be removed and new content reloaded.

More information about the openssl-users mailing list