Re: Rotate SSL certificates on reload (SIGHUP) without restart

From: Bob Ross <bob(dot)ross(dot)19821(at)gmail(dot)com>
To: Tatsuo Ishii <ishii(at)postgresql(dot)org>
Cc: pgpool-hackers(at)lists(dot)postgresql(dot)org
Subject: Re: Rotate SSL certificates on reload (SIGHUP) without restart
Date: 2026-03-25 11:04:03
Message-ID: CAHtZvrdud7gjX9pq7ayU2VBQkCosZ7qcx6L9r-KbQkqKW_D9eQ@mail.gmail.com
Lists: pgpool-hackers

Hi Tatsuo,

Please find the attached patch that implements this feature. This patch
allows Pgpool-II to pick up rotated TLS certificates upon receiving a
SIGHUP without a restart, aligning its behavior with PG 12+.
As this is my first time contributing to the Pgpool-II project, please bear
with me if I missed any specific formatting or submission conventions. I am
happy to make any necessary adjustments to the code.

Thanks,
Bob

On Thu, Mar 19, 2026 at 11:22 AM Tatsuo Ishii <ishii(at)postgresql(dot)org> wrote:

> Hi Bob,
>
> > Hi Tatsuo,
> >
> > Have there been any further considerations regarding changes to the pgPool
> > codebase to support SSL certificate rotation on reload?
> >
> > As DigiCert has announced last year (
> > https://www.digicert.com/blog/tls-certificate-lifetimes-will-officially-reduce-to-47-days
> > ),
> > TLS/SSL certificate lifetimes will be reduced progressively in the coming
> > years, with the industry moving toward much shorter validity periods. This
> > makes the current requirement to fully restart the service for certificate
> > renewal increasingly impractical.
> >
> > Please let us know whether this enhancement is being considered, or if
> > there are any plans or timelines for addressing it.
>
> I just have too many things to do for now (fixing bugs and evaluating
> proposed patches), and I cannot estimate timelines for this. Plus, I
> am not super familiar with this area (SSL). If you could provide
> patches for this, it would greatly help me.
>
> Best regards,
> --
> Tatsuo Ishii
> SRA OSS K.K.
> English: http://www.sraoss.co.jp/index_en/
> Japanese:http://www.sraoss.co.jp
>

Attachment Content-Type Size
0001-feat-reload-SSL-certificates-on-SIGHUP.c application/octet-stream 7.2 KB
