[strongSwan] Dynamic update of End Entity Certificate

Shukla, Sanjay Sanjay.Shukla at ipc.com
Thu Jun 21 22:45:13 CEST 2012

Hi Divya,

Does this work for you? I am having a similar requirement.



-----Original Message-----
From: users-bounces+sanjay.shukla=ipc.com at lists.strongswan.org [mailto:users-bounces+sanjay.shukla=ipc.com at lists.strongswan.org] On Behalf Of Andreas Steffen
Sent: Thursday, June 21, 2012 7:36 AM
To: divya mohan
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] Dynamic update of End Entity Certificate


I haven't actually tested it, but could you give your new certificate a different file name, then edit ipsec.conf


conn xy


conn xy

and then execute

  ipsec down xy
  ipsec update
  ipsec up xy

which would keep all other connections active?



On 21.06.2012 12:50, divya mohan wrote:
> Hi,
> Thanks for the clarification.
> 'ipsec reload' would be a costly operation since it would terminate
> all the connections and add them back.
> Is there any way to terminate and add back only one connection, out of many?
> Is it possible to achieve a reload of a single connection with 'ipsec'
> tool, by sending stroke down, stroke delete, and then stroke add, for
> that?
> Regards,
> Divya Mohan M
> On Mon, Jun 18, 2012 at 2:59 PM, Tobias Brunner <tobias at strongswan.org> wrote:
>> Since the end entity certificates are configured with left|rightcert
>> you have to use 'ipsec reload' to reload them.

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
