On 10/2/18 3:49 PM, Howard Chu wrote: > Ulrich Windl wrote: >> I have a question: I updated the contents of certificate and key >> file (same location and file name) while slapd was running. Is it >> expected that slapd will recognize (and use) the new certificates, >> or is a restart or reload needed? Out certificates will expire >> soon...> > slapd or OpenSSL won't see them automatically. But if you modify the > olcTLSCertificateFile in cn=config it will get reloaded. > Otherwise you must restart.
Besides monitoring cert validity I've added a check to my monitoring script which alarms if a newer slapd.conf or newer TLS files are there and slapd needs to be restarted. It determines the path names via back-config - which might sound strange to some of you I know. ;-) https://pypi.org/project/slapdcheck/ Currently it only generates check_mk output. Ciao, Michael.
smime.p7s
Description: S/MIME Cryptographic Signature
