add reload documentation

max furman 2018-11-12 14:19:30 -08:00
parent 40d7959c6d
commit 5467536ad2


@ -28,10 +28,10 @@ your local machine.
### Mac OS
Install `step-ca` via [Homebrew](https://brew.sh/):
Install `step` via [Homebrew](https://brew.sh/):
```
brew install smallstep/smallstep/step-ca
brew install smallstep/smallstep/step
```
### Linux
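Review bot: The Mac OS install step now names only `step` in both the sentence and the `brew install` line, yet later sections of this README still invoke the `step-ca` binary (for example `step-ca ./.step/config/ca.json` in the new Reload section). If the `step` formula is meant to provide both binaries, say so in the sentence above the command; if not, keep a separate install line for `step-ca` so a reader following the instructions ends up with the CA binary.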
@ -231,9 +231,37 @@ $ step ca certificate "foo.example.com" foo.crt foo.key --token "$TOKEN" \
You can take a closer look at the contents of the certificate using `step certificate inspect`:
```
step certificate inspect foo.crt
$ step certificate inspect foo.crt
```
## Reload
It is important that the CA be able to handle configuration changes with no downtime.
Our CA has a built in `reload` feature allowing it to:
1. Finish processing existing connections while blocking new ones.
2. Re-read the configuration file and initialize the API.
3. Begin accepting blocked and new connections.
The `reload` feature is triggered by sending a SIGHUP to the PID of the
Step CA process. A few important details to note when using `reload`:
* The location of the modified configuration must be in the same location as it
was in the original invocation of the `step-ca`. So, if the original command was
```
$ step-ca ./.step/config/ca.json
```
then, upon reload, the Step CA will read it's new configuration from the same
configuration file.
* Step CA requires the password to decrypt the intermediate certificate again
upon `reload`. You can auotmate this in one of two ways:
* Use the `--password-file` flag in the original invocation.
* Use the toplevel `password` attribute in the `ca.json` configuration file.
## Versioning
We use [SemVer](http://semver.org/) for versioning. For the versions available,
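Review bot: In the second bullet of the new Reload section, "the password to decrypt the intermediate certificate" most likely means the intermediate private key, since a certificate is not encrypted, and the two automation options both leave that password on disk without any guidance. Suggest rewording to "intermediate private key" and adding one sentence that the `--password-file` target, or a `ca.json` carrying the top-level `password` attribute, should be readable only by the account running the CA. The section also says reload is triggered by a SIGHUP to the PID but shows no command, so a one-line `kill -HUP` example in the same `$ ...` style as the other snippets would help. Wording nits in the same hunk: "built in" should be "built-in", "it's new configuration" should be "its new configuration", "auotmate" should be "automate", "toplevel" should be "top-level", and "The location of the modified configuration must be in the same location" reads better as "The modified configuration must be at the same path".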