Olivier wrote:
> Jean-Francois Malouin <[email protected]> writes:
>
>> As the subject says, I'm contemplating the use of LetsEncrypt TLS
>> certificates.
>> Is there a way to make slapd aware of a cert renewal (they happen every 90
>> days) without restarting it, i.e., with minimal service interruption?
>
> I *do* restart slapd after I installed the new Let's Encrypt
> certificate.

Use ldapmodify to set the new cert in cn=config. No restarts needed.

> I doubt there is any other way to make LDAP server aware of the
> certificate change. And this is a 20-second interruption, nothing worth
> mentioning (or you are a big organization, then you have redundant LDAP
> servers and you would upgrade one at a time so it should be transparent
> to your users).
>
> Best regards,
>
> Olivier
>
>>
>> thanks,
>> jf
>>

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
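
One way the ldapmodify approach from the reply above could be scripted for a renewal hook. This is an added example, not part of the original message or of OpenLDAP itself; the function names, the file paths in the usage comment, and root access to cn=config over the local ldapi socket with SASL EXTERNAL are assumptions.

```shell
#!/bin/sh
# Added example. Function names and paths are hypothetical.

# Emit an LDIF that replaces all three TLS file settings on cn=config in a
# single modify operation, so certificate and key change together.
# Args: certificate file, private key file, CA chain file.
tls_ldif() {
    cat <<EOF
dn: cn=config
changetype: modify
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: $3
-
replace: olcTLSCertificateFile
olcTLSCertificateFile: $1
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: $2
EOF
}

# Pre-check: the public key in the certificate must equal the public key
# derived from the private key, otherwise do not touch the running server.
pair_matches() {
    pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Apply to the running slapd. Assumes this runs as root on the slapd host and
# that the cn=config ACL grants manage rights to the root peer credential.
apply_tls() {
    pair_matches "$1" "$2" || { echo "cert/key mismatch, not applied" >&2; return 1; }
    tls_ldif "$1" "$2" "$3" | ldapmodify -Q -Y EXTERNAL -H ldapi:///
}

# Usage from a renewal hook (constructed paths):
#   apply_tls /etc/ldap/tls/cert.pem /etc/ldap/tls/privkey.pem /etc/ldap/tls/chain.pem
```

The private key file must be readable by the account slapd runs as and by no other unprivileged user; copy renewed files into place with those permissions before calling the hook.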
