Hi Aurélien

On 05/18/2018 11:07 AM, Aurélien Nephtali wrote:
> Hello,
>
> On Wed, Apr 18, 2018 at 9:34 PM, Aurélien Nephtali
> <[email protected]> wrote:
>> Hello,
>>
>> I have some patches to support dynamically loading and unloading PEM
>> certificates through the CLI. It is mainly a big refactoring of some
>> part of the SSL code (thanks Thierry for your patches, we came to the
>> same conclusion :) !).
>>
>
> Here is an updated version of this feature. The changes are:
> - Use a payload in the CLI to pass the certificate
> - Change the way to specify on which listener the certificate is
> to be added/removed: using the "bind name".
> If the listeners are not named, the only way to update their
> certificates is to do a global operation (using just the frontend name
> in the command).
>
> One thing that should be discussed is what will be the command syntax
> when it will support more certificate options (OCSP, SCTL) ?
> I thought about sending something like an .ini file:
>
> [certificate]
> aaaaa===
>
> [ocsp]
> bbbbb===
>
> etc...
>
> but one needs to prepare these files: it may not be very handy for a
> one shot operation ?
> Plus, without streaming we're quickly limited by the payload size with
> the default value.
>
I see that you're using the domain to know which certificate to delete. If you take a look at crt-list, you will see that the identifier of the certificate is customizable and is not necessarily the domain. I think to perform the add/delete operations we should use the same identifiers as the crt-list option.

R,
Emeric

