Dynamically replace certificates for TLS


I would like to know if there’s a way to dynamically replace the certificates used by Linkerd for TLS?
As I access the certificates via:

      certPath: /mnt/mesos/sandbox/certificates/certificate.pem
      keyPath: /mnt/mesos/sandbox/certificates/key.pem

Can I replace them without re-deploying the Linkerd service entirely?

Thanks in advance.

By default, these files are reloaded per connection, so you can update them without restarting Linkerd.

1 Like

A quick follow up, in a DC/OS environment can Linkerd get the certificates from anywhere except for mesos sandbox?

I’m not familiar with the Mesos sandbox, but Linkerd doesn’t really know about where the certs come from. It’s just reading the files from disk.

Okay, thanks.
Also, do you know if Linkerd supports certificates in p12 format? or only pem?