[strongSwan] Dynamic update of End Entity Certificate

Shukla, Sanjay Sanjay.Shukla at ipc.com
Thu Jun 21 22:45:13 CEST 2012


Hi Divya,

Does this work for you .. I am having a similar requirement.

Regards,
-sanjay


-----------------------------------------------------
Please consider the environment before printing this email.

-----Original Message-----
From: users-bounces+sanjay.shukla=ipc.com at lists.strongswan.org [mailto:users-bounces+sanjay.shukla=ipc.com at lists.strongswan.org] On Behalf Of Andreas Steffen
Sent: Thursday, June 21, 2012 7:36 AM
To: divya mohan
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] Dynamic update of End Entity Certificate

Hi,

I haven't actually tested it, but could you give your new certificate a different file name, then edit ipsec.conf

from

conn xy
     leftcert=myCert.pem

to

conn xy
     leftcert=myNewCert.pem

and then execute

  ipsec down xy
  ipsec update
  ipsec up xy

which would keep all other connections active?

Regards

Andreas

On 21.06.2012 12:50, divya mohan wrote:
> Hi,
>
> Hi,
>
> Thanks for the clarification.
>
> 'ipsec reload' would be a costly operation since it would terminate
> all the connections and add them back.
> Is there any way to terminate and add back only one connection, out of many?
>
> Is it possible to achieve a reload of a single connection with 'ipsec'
> tool, by sending stroke down, stroke delete, and then stroke add, for
> that?
>
>
> Regards,
> Divya Mohan M
>
>
>
>
> On Mon, Jun 18, 2012 at 2:59 PM, Tobias Brunner <tobias at strongswan.org> wrote:
>> Since the end entity certificates are configured with left|rightcert
>> you have to use 'ipsec reload' to reload them.
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users


--
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==





More information about the Users mailing list