[strongSwan] How to flush certificate cache

Lin, Clifton (US SSA) clifton.lin at baesystems.com
Wed Dec 8 20:03:46 CET 2010


Hi,

I am using strongSwan 4.5.0, and I am having a problem where old certificates remain in the certificate cache even after I have removed the certificate file, replaced it with a new one, and reloaded the configuration (using 'ipsec reload').  After doing this, 'ipsec listcerts' returns BOTH the old and new certificate entries.  When I try to start the connection again, it fails, I think because it is still trying to use the old certificate information.  The only way I have been able to flush the cache is by restarting ipsec using 'ipsec restart'.  Then, 'ipsec listcerts' correctly returns only the new certificate entry, and I am able to start the connection.

How can I flush these old entries without having to restart?

Thanks,
Clifton





