On 2019-10-17 07:20, raf wrote:
> https://www.postgresql.org/docs/12/ssl-tcp.html says:
>
> "Using a passphrase also disables the ability to
> change the server's SSL configuration without a
> server restart."
This is actually no longer true since PostgreSQL 11. I have committed a
fix.
> How is the TLS key changed without a server restart?
> Is replacing the server.crt/server.key files enough
> or is there more to it?
You need to issue a reload, for example using SIGHUP. That is supported
since PostgreSQL 10.
> And will existing connections continue to use the old
> key until they disconnect?
Yes.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
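
The procedure described in this reply (replace the files, then reload), as an added example that is not part of the original message or of PostgreSQL itself. It assumes the default file names `server.crt` and `server.key` in the data directory, an unencrypted key, and that it runs as the server's OS user; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: rotate a PostgreSQL server certificate and key without a restart.
# Assumptions: default ssl_cert_file/ssl_key_file names inside the data directory,
# an unencrypted private key, and execution as the OS user that owns the cluster.

# A key owned by the server user must carry no group or world permissions.
key_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# The certificate and the private key must share the same public key.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Usage: rotate_tls NEW_CERT NEW_KEY PGDATA
rotate_tls() {
    new_cert=$1
    new_key=$2
    pgdata=$3
    key_mode_ok "$new_key" || { echo "refusing: key mode is too permissive" >&2; return 1; }
    pair_matches "$new_cert" "$new_key" || { echo "refusing: cert and key do not match" >&2; return 1; }
    # Copy next to the targets first, then rename, so the server never
    # reads a half-written file when it reloads.
    install -m 0600 "$new_key" "$pgdata/server.key.new" &&
    install -m 0644 "$new_cert" "$pgdata/server.crt.new" &&
    mv "$pgdata/server.key.new" "$pgdata/server.key" &&
    mv "$pgdata/server.crt.new" "$pgdata/server.crt" || return 1
    # Reload (SIGHUP to the postmaster). New connections use the new key;
    # sessions that are already open keep the old one until they disconnect.
    pg_ctl reload -D "$pgdata"
}

if [ "$#" -eq 3 ]; then
    rotate_tls "$@"
fi
```

After the reload, check the server log for SSL errors before retiring the old certificate.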