[strongSwan] Dynamic update of End Entity Certificate
Andreas Steffen
andreas.steffen at strongswan.org
Thu Jun 21 13:36:08 CEST 2012
Hi,
I haven't actually tested it, but could you give your new
certificate a different file name, then edit ipsec.conf
from
conn xy
leftcert=myCert.pem
to
conn xy
leftcert=myNewCert.pem
and then execute
ipsec down xy
ipsec update
ipsec up xy
which would keep all other connections active?
Regards
Andreas
On 21.06.2012 12:50, divya mohan wrote:
> Hi,
>
> Hi,
>
> Thanks for the clarification.
>
> 'ipsec reload' would be a costly operation since it would terminate
> all the connections and add them back.
> Is there any way to terminate and add back only one connection, out of many?
>
> Is it possible to achieve a reload of a single connection with 'ipsec'
> tool, by sending stroke down, stroke delete, and then stroke add, for
> that?
>
>
> Regards,
> Divya Mohan M
>
>
>
>
> On Mon, Jun 18, 2012 at 2:59 PM, Tobias Brunner <tobias at strongswan.org> wrote:
>> Since the end entity certificates are configured with left|rightcert you
>> have to use 'ipsec reload' to reload them.
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
--
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4489 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120621/ec76d852/attachment.bin>
More information about the Users
mailing list