Thanks, I'll try to convince the management to upgrade ASAP once 10 makes it into a production release.
Sent from my iPad
> On Jun 14, 2017, at 6:07 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>
> John Scalia <jayknowsunix@gmail.com> writes:
>> Well, it turned out that the CRL was in the wrong format. So, I managed
>> to convert it with OpenSSL and it loaded properly. I do have one more
>> question... the Treasury Department, which produces these certificates
>> for us, expires all the CRL's in just 6 hours,
>
> Ugh.
>
>> so does that mean I'd have to do restart on the database each time I got
>> a new one or would a reload work?
>
> As of PG 10, a reload would work, but in prior versions you'll have to
> restart to get it to pick up new SSL config files.
>
> If you're feeling desperate you could try back-patching commit de41869b6,
> but keep in mind that hasn't made it through a beta-test cycle yet.
>
> regards, tom lane