[strongSwan] Migrating to a new ca
dha at heise.de
Wed Feb 21 14:55:04 CET 2018
after many years with our old certification authority for strongswan
I'm planning to migrate to a new one with more modern crypto.
To make it as painless as possible for the end users I plan on adding a
second ca and a matching second server certificate to our installation.
Over time I would update the old clients with the new ca and new
For the linux and mac clients and some Windows clients we use unique
connection descriptions so there is no problem to provide a leftid and
leftcert for the ones that are updated.
But I'm not sure about the config for our eap clients.
The configuration part is
leftid="C=DE, O=OUR COMPANY, CN=STRONGSWANSERVER"
Is it possible to add a second connection definition that is identical
leftid="C=DE, O=OUR COMPANY, CN=STRONGSWANSERVER2018"
so that eap clients can connect to the server when they are equiped
with either the old or the new ca?
More information about the Users