our test environment has been running for a few months now. The time will come when the certificates for encrypting port 8200 itself will expire. No problem generating new ones. But can I swap them without restarting? I want to avoid the unseal process.
yes, works wonderfully. Only Firefox still shows the old certificate / expiration date after a SIGHUP to the process and a reload of the page. But openssl direct on the port shows the new data. I was confused for a moment.