[strongSwan] Dynamic update of End Entity Certificate

Andreas Steffen andreas.steffen at strongswan.org
Thu Jun 21 13:36:08 CEST 2012


I haven't actually tested it, but could you give your new
certificate a different file name, then edit ipsec.conf


conn xy


conn xy

and then execute

  ipsec down xy
  ipsec update
  ipsec up xy

which would keep all other connections active?



On 21.06.2012 12:50, divya mohan wrote:
> Hi,
> Hi,
> Thanks for the clarification.
> 'ipsec reload' would be a costly operation since it would terminate
> all the connections and add them back.
> Is there any way to terminate and add back only one connection, out of many?
> Is it possible to achieve a reload of a single connection with 'ipsec'
> tool, by sending stroke down, stroke delete, and then stroke add, for
> that?
> Regards,
> Divya Mohan M
> On Mon, Jun 18, 2012 at 2:59 PM, Tobias Brunner <tobias at strongswan.org> wrote:
>> Since the end entity certificates are configured with left|rightcert you
>> have to use 'ipsec reload' to reload them.
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4489 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120621/ec76d852/attachment.bin>

More information about the Users mailing list