The old SSL certificate has expired and I want to renew the SSL certificate. However, the server has already established multiple links with other clients. So, can I just bind the old sockets to the new SSL, which means I don’t need to disconnect the old base TCP links?
Answer
Existing TLS connections don’t need to get updated with a new certificate – the server certificate is only checked at the beginning of the TLS connection. Whether your specific server supports updating the server certificate without a restart, and thus without closing established connections, is unknown – some do and some don’t.
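
The behaviour described in the answer, as an added example that is not part of the original post and not any particular server's code: a small Python echo server swaps its `SSLContext` while one client is connected, and a second client then connects. Assumptions: the `openssl` CLI is installed for generating throwaway self-signed certificates, and the helper names (`make_cert`, `server_ctx`, `serve_one`, `connect`, `demo`) are invented for this sketch.

```python
import os, socket, ssl, subprocess, tempfile, threading

def make_cert(d, cn):
    """Throwaway self-signed certificate via the openssl CLI (assumed installed)."""
    key, crt = os.path.join(d, cn + ".key"), os.path.join(d, cn + ".crt")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
                    "-keyout", key, "-out", crt, "-days", "1",
                    "-subj", "/CN=" + cn], check=True, capture_output=True)
    return crt, key

def server_ctx(crt, key):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(crt, key)
    return ctx

def serve_one(listener, current):
    """Accept one client; its handshake uses whichever context is current now."""
    conn, _ = listener.accept()
    try:
        with current["ctx"].wrap_socket(conn, server_side=True) as tls:
            while data := tls.recv(1024):
                tls.sendall(data)  # echo until the client closes
    except OSError:
        pass  # client went away without a clean TLS shutdown

def connect(port):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # demo only: certs are compared by DER bytes below
    return ctx.wrap_socket(socket.create_connection(("127.0.0.1", port)))

def demo():
    with tempfile.TemporaryDirectory() as d:
        old, new = make_cert(d, "old"), make_cert(d, "new")  # constructed sample certs
        der = lambda pair: ssl.PEM_cert_to_DER_cert(open(pair[0]).read())
        current = {"ctx": server_ctx(*old)}
        with socket.create_server(("127.0.0.1", 0)) as listener:
            port = listener.getsockname()[1]
            for _ in range(2):
                threading.Thread(target=serve_one, args=(listener, current), daemon=True).start()
            a = connect(port)                  # handshake A: server presents the old cert
            current["ctx"] = server_ctx(*new)  # "renewal": only later handshakes see it
            a.sendall(b"ping")                 # A's TCP connection and TLS session are untouched
            b = connect(port)                  # handshake B: server presents the new cert
            result = {"a_echo_after_swap": a.recv(1024),
                      "a_still_old": a.getpeercert(True) == der(old),
                      "b_gets_new": b.getpeercert(True) == der(new)}
            a.close(); b.close()
            return result
```

Calling `demo()` returns a dict showing that connection A keeps working on the certificate it handshook with, while connection B receives the renewed one.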