John Scalia <jayknowsunix@xxxxxxxxx> writes: > Well, it turned out that the CRL was in the wrong format. So, I managed > to convert it with OpenSSL and it loaded properly. I do have one more > question... the Treasury Department, which produces these certificates > for us, expires all the CRL's in just 6 hours, Ugh. > so does that mean I'd have to do restart on the database each time I got > a new one or would a reload work? As of PG 10, a reload would work, but in prior versions you'll have to restart to get it to pick up new SSL config files. If you're feeling desperate you could try back-patching commit de41869b6, but keep in mind that hasn't made it through a beta-test cycle yet. regards, tom lane -- Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-admin
