What has to be restarted when the certificate changes?
Gary Mills
mills at cc.umanitoba.ca
Thu Sep 9 19:33:55 EDT 2004
On Thu, Sep 09, 2004 at 06:58:38PM -0400, Ken Murchison wrote:
> Gary Mills wrote:
>
> >When the SSL certificate is about to expire and has to be replaced,
> >is it necessary to restart the Cyrus IMAP server. There will be new
> >private key and server certificate files. In case it matters, I'm
> >running cyrus-imapd-2.1.14 with cyrus-sasl-2.1.18.
>
> Nothing *has* to be restarted. As each new imapd/pop3d/lmtpd is
> executed, it will read imapd.conf for the path of the files. If the
> paths to the files haven't changed (just the contents), then they
> *might* be re-read when a running service is reused (for STARTTLS only).
Okay, that seems to explain what I observed. I replaced the files
without restarting Cyrus. Everything seemed to work normally, but
we had complaints from people using the pop3s service. (The silly
e-mail reader just said `Cannot connect to server'). A restart seems
to have fixed it.
--
-Gary Mills- -Unix Support- -U of M Academic Computing and Networking-
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus
mailing list