I believe you are correct on this matter.  However, I've noticed something 
interesting:  when I reload the certificate and private key files 
dynamically (the new ones), subsequent connections use the new certificate.  
I suppose I could go through and update ALL other existing server records in 
the same manner, but that idea seems to reek of insecure handling.

Do you think this idea will work, or is it just a nice-but-kludge idea?

Ed


>From: Mads Toftum <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED]
>Subject: Re: Changing Certificates Dynamically
>Date: Thu, 21 Mar 2002 23:28:37 +0100
>
>On Thu, Mar 21, 2002 at 02:10:33PM -0800, Edward Wong wrote:
> > Hey All,
> >
> > This subject has probably already been broached, but is it possible to
> > change certificates dynamically?  I'm having problems getting apache to
> > present the new certificate during renegotiation.
> >
> > For example, I start apache with a pre-existing self-signed certificate.
> > Then I upload a new certificate to the server, and want to switch to that
> > certificate dynamically without restarting the server.
> >
> > Is this possible?
>
>No. You need a restart (I'm not even sure that a graceful restart is
>enough - I think you need the full stop/start)
>
>vh
>
>Mads Toftum
>--
>With a rubber duck, one's never alone.
>               -- "The Hitchhiker's Guide to the Galaxy"
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      [EMAIL PROTECTED]
>Automated List Manager                            [EMAIL PROTECTED]



