On 09/01/2022 09:05, Harald Dunkel wrote:
Hi folks,


Hi!


On 09/01/2022 09:05, Harald Dunkel wrote:
I wonder if opensmtpd starts using new key and certificate chain automagically,
in case they replaced the old files? Do I have to hup or restart smtpd?

Hopefully I am not too blind to see, but apparently the man page doesn't tell.


You have to restart it.

In fact, I don't know any server that watches those files in order to reload them. As far as I know, most servers start as root, load the private key and the certificate into memory, then switch to an unprivileged user which cannot read those files. Such a workflow doesn't allow the feature you are asking for unless your certificate and key file are widely accessible, which is so obviously insecure that some servers (OpenSMTPD is one of them) will refuse to start.

Regards,
--
Rodolphe Bréard
https://rodolphe.breard.tf/
B229 CCD5 6900 91E7 D5D6  189F 09BC 23A1 D556 2635
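
The restart requirement described in the reply above, turned into a certificate-renewal hook. This is an added example, not part of the original thread and not OpenSMTPD code. The state file, the restart command, and the rule that "too accessible" means any group/other permission bit are assumptions.

```python
import hashlib
import os
import stat
import subprocess
import sys
from pathlib import Path


def key_is_private(key_path):
    """True if the key is a regular file with no group/other permission bits."""
    mode = os.stat(key_path).st_mode
    return stat.S_ISREG(mode) and (mode & 0o077) == 0


def cert_fingerprint(cert_path):
    # Hashing the certificate is enough: a new key always comes with a new
    # certificate, so the private key itself never has to be read here.
    return hashlib.sha256(Path(cert_path).read_bytes()).hexdigest()


def restart_if_renewed(cert_path, key_path, state_path, restart_cmd):
    """Restart the daemon only when the certificate on disk has changed.

    state_path (hypothetical) stores the fingerprint of the certificate the
    daemon loaded at its last restart. restart_cmd is whatever restarts smtpd
    on the host, given as an argv list (assumption, not taken from the thread).
    """
    if not key_is_private(key_path):
        raise PermissionError(f"{key_path} is accessible to group or others")
    state = Path(state_path)
    current = cert_fingerprint(cert_path)
    loaded = state.read_text().strip() if state.exists() else None
    if current == loaded:
        return "unchanged"
    # The running daemon holds the old key and certificate in memory and,
    # having dropped privileges, cannot re-read them: a restart is required.
    subprocess.run(restart_cmd, check=True)
    state.write_text(current + "\n")  # recorded only after a successful restart
    return "restarted"


if __name__ == "__main__":
    # usage: hook.py CERT KEY STATE_FILE RESTART_COMMAND [ARGS...]
    print(restart_if_renewed(*sys.argv[1:4], sys.argv[4:]))
```

Run it from the certificate renewal job, as a user allowed to read the key's metadata and restart the daemon.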
