[pgpool-general: 9097] Re: Is the TLS certificate revocation list loaded only on server start, or does the TLS/SSL library reload it on every connection?

Tatsuo Ishii ishii at sraoss.co.jp
Tue May 7 18:25:08 JST 2024


> Good day
> 
> PgPool supports setting an ssl_crl_file parameter to configure a certificate revocation list. Let's assume that's been set up, and PgPool has been restarted to load the file. If the file is changed to revoke another certificate, will that automatically be picked up by the running PgPool the next time a client connects, or does PgPool need to be restarted every time a certificate is added to the CRL? If so, is a simple configuration reload sufficient, or does it have to be a full restart?

You need a full restart as mentioned in the docs. Note that
PostgreSQL's ssl_crl_file needs a server restart if it is changed.

Best regards,
--
Tatsuo Ishii
SRA OSS LLC
English: http://www.sraoss.co.jp/index_en/
Japanese:http://www.sraoss.co.jp
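
Since a changed ssl_crl_file only takes effect after a full restart, a revocation added to the file is not enforced until then. The following check is an added example, not part of the original message or of Pgpool-II: it flags a CRL file modified after the process that loaded it started. It assumes Linux /proc, a stat that supports -c, and getconf; the function names, the PID and the path arguments are placeholders.

```shell
#!/bin/sh
# Added example. Assumes Linux (/proc), stat -c, getconf.
# Usage (placeholders): sh crl_check.sh <pgpool-parent-pid> <path-from-ssl_crl_file>

# Print the start time (epoch seconds) of a process.
proc_start_epoch() {
    pid=$1
    [ -r "/proc/$pid/stat" ] || return 1
    btime=$(awk '/^btime /{print $2}' /proc/stat)
    # starttime is field 22; drop "pid (comm) " first because comm may
    # contain spaces, which leaves starttime as field 20.
    ticks=$(sed 's/^.*) //' "/proc/$pid/stat" | awk '{print $20}')
    hz=$(getconf CLK_TCK)
    echo $(( btime + ticks / hz ))
}

# Exit 0 if the CRL was modified after loaded_at, 1 if not, 2 if unreadable.
crl_newer_than() {
    crl=$1
    loaded_at=$2
    mtime=$(stat -c %Y "$crl" 2>/dev/null) || return 2
    [ "$mtime" -gt "$loaded_at" ]
}

# Run the check only when called with both arguments.
if [ "$#" -eq 2 ]; then
    started=$(proc_start_epoch "$1") || { echo "no such process: $1" >&2; exit 2; }
    rc=0
    crl_newer_than "$2" "$started" || rc=$?
    case $rc in
        0) echo "STALE: $2 changed after PID $1 started; restart required"; exit 1 ;;
        1) echo "OK: running process started after the last CRL change" ;;
        *) echo "cannot stat CRL file: $2" >&2; exit 2 ;;
    esac
fi
```

The comparison relies on the file's modification time, so a copy that preserves an older timestamp would not be flagged.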


