diff --git a/src/common/ceph_crypto.cc b/src/common/ceph_crypto.cc
index b81ffdfe323..9ba29455d33 100644
--- a/src/common/ceph_crypto.cc
+++ b/src/common/ceph_crypto.cc
@@ -37,14 +37,24 @@ ceph::crypto::HMACSHA1::~HMACSHA1()
 
 #elif USE_NSS
 
+// for SECMOD_RestartModules()
+#include <secmod.h>
+
 // Initialization of NSS requires a mutex due to a race condition in
 // NSS_NoDB_Init.
 static pthread_mutex_t crypto_init_mutex = PTHREAD_MUTEX_INITIALIZER;
+static pid_t crypto_init_pid = 0;
 
 void ceph::crypto::init(CephContext *cct)
 {
+  pid_t pid = getpid();
   SECStatus s;
   pthread_mutex_lock(&crypto_init_mutex);
+  if (crypto_init_pid != pid) {
+    if (crypto_init_pid > 0)
+      SECMOD_RestartModules(PR_FALSE);
+    crypto_init_pid = pid;
+  }
   if (cct->_conf->nss_db_path.empty()) {
     s = NSS_NoDB_Init(NULL);
   } else {
@@ -59,6 +69,7 @@ void ceph::crypto::shutdown()
   SECStatus s;
   s = NSS_Shutdown();
   assert(s == SECSuccess);
+  crypto_init_pid = 0;
 }
 
 ceph::crypto::HMACSHA1::~HMACSHA1()