Change Request
Resolution: Unresolved
Minor
4.0.10, 4.2.4
Hello,
Please allow reloading TLS-related parameters without a zabbix_server or zabbix_proxy daemon restart. The related settings are:
####### TLS-RELATED PARAMETERS #######

### Option: TLSCAFile
#	Full pathname of a file containing the top-level CA(s) certificates for
#	peer certificate verification.
#
# Mandatory: no
# Default:
# TLSCAFile=

### Option: TLSCRLFile
#	Full pathname of a file containing revoked certificates.
#
# Mandatory: no
# Default:
# TLSCRLFile=

### Option: TLSCertFile
#	Full pathname of a file containing the server certificate or certificate chain.
#
# Mandatory: no
# Default:
# TLSCertFile=

### Option: TLSKeyFile
#	Full pathname of a file containing the server private key.
#
# Mandatory: no
# Default:
# TLSKeyFile=
In a real-life situation, the paths (inside zabbix_proxy.conf) of the CA file, cert file and key file will remain untouched.
The idea is for the live daemon to pick up the new cert file and new key file using the same path. No extra re-read from zabbix_server.conf or zabbix_proxy.conf. Only the content of the crt, key and CA files is now different.
Before the certificate gets reloaded into the running backend daemon, it must validate itself using the CA file.
The way I imagine this is by typing:
zabbix_proxy -R tls_reload
Regards,
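
The validate-before-swap behaviour requested above, sketched as an added example in Python (not Zabbix code and not part of the original request): new material at the unchanged paths replaces the live TLS context only if the key matches the certificate and the certificate verifies against the CA file. `TLSReloader`, `build_context` and `chain_verifies` are hypothetical names, and the in-memory handshake assumes the certificate is usable for TLS server authentication.

```python
import ssl

def build_context(ca_file, cert_file, key_file):
    """Load all three files into a fresh context; raises if any is unusable."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_verify_locations(cafile=ca_file)   # CA bundle must parse
    ctx.load_cert_chain(cert_file, key_file)    # key must match the certificate
    return ctx

def chain_verifies(server_ctx, ca_file):
    """Handshake in memory against a client that trusts only ca_file."""
    client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    client_ctx.check_hostname = False           # checking the chain, not a name
    client_ctx.load_verify_locations(cafile=ca_file)
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = client_ctx.wrap_bio(c_in, c_out)
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)
    done = set()
    for _ in range(10):                         # a handshake needs 2-3 rounds
        for side, peer_in, own_out in ((client, s_in, c_out), (server, c_in, s_out)):
            if side not in done:
                try:
                    side.do_handshake()         # raises if the chain is rejected
                    done.add(side)
                except ssl.SSLWantReadError:
                    pass                        # waiting for the peer's flight
            peer_in.write(own_out.read())       # deliver pending bytes to the peer
        if len(done) == 2:
            return True
    return False

class TLSReloader:
    """Hypothetical holder of the live context; paths stay fixed, as in the request."""
    def __init__(self, ca_file, cert_file, key_file):
        self.paths = (ca_file, cert_file, key_file)
        self.context = None

    def reload(self):
        """Swap in the new material only if it loads and verifies; else keep the old."""
        try:
            candidate = build_context(*self.paths)
            if not chain_verifies(candidate, self.paths[0]):
                return False
        except (ssl.SSLError, OSError):
            return False
        self.context = candidate
        return True
```

A failed `reload()` leaves `context` pointing at the previously loaded material, so a half-written or mismatched file on disk does not take the listener down.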