On 10/2/18 3:49 PM, Howard Chu wrote:
Ulrich Windl wrote:
I have a question: I updated the contents of certificate and key file (same location and file name) while slapd was running. Is it expected that slapd will recognize (and use) the new certificates, or is a restart or reload needed? Out certificates will expire soon...>
slapd or OpenSSL won't see them automatically. But if you modify the olcTLSCertificateFile in cn=config it will get reloaded. Otherwise you must restart.
Besides monitoring cert validity I've added a check to my monitoring script which alarms if a newer slapd.conf or newer TLS files are there and slapd needs to be restarted. It determines the path names via back-config - which might sound strange to some of you I know. ;-)
https://pypi.org/project/slapdcheck/
Currently it only generates check_mk output.
Ciao, Michael.