[strongSwan] Dynamic update of End Entity Certificate

Divya Mohan divzsecondary at gmail.com
Fri Jun 22 13:09:54 CEST 2012

Hi Sanjay,

I am yet to perform extensive testing, but in basic testing this seems
to be working.

In case of any change in EE key, or CA cert 'ipsec rereadall' can be
done to use the new certificates.
I case of any change in EE cert, the method mentioned by Andreas can be used.

'ipsec down <connection>' should be done in both cases before, to
ensure that existing ISAKMP SA is teared down. New ISAKMP SA
establishment will happen using the modified certificates.

Divya Mohan M

On Fri, Jun 22, 2012 at 2:15 AM, Shukla, Sanjay <Sanjay.Shukla at ipc.com> wrote:
> Hi Divya,
> Does this work for you .. I am having a similar requirement.
> Regards,
> -sanjay

More information about the Users mailing list