For anyone looking for the same answer here is what I discovered. TL;DR: Yes.
Long version: Both gRPC client and server support having multiple certificates for their root authorities (which are checked when the authentication of the other side is performed). Some implementations of gRPC have "dynamic SSL certificate reloading" meaning you do not have to restart the server for it to pick up new certs, instead every time a channel is going to be created the server fetches current certs via some certificate_fetcher which gets the current certificates. Channels created with old certs stay open since they have already shared the symmetric key (for more info on this read how TLS works). These two functionalities enable seamless cert rotation. -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/ed4ba9d9-a52e-4842-96d6-980e90a23d5c%40googlegroups.com.
