[strongSwan] dynamic user cert updates

Modster, Anthony Anthony.Modster at Teledyne.com
Wed Dec 11 23:21:47 CET 2019

? any thoughts on this item

From: Modster, Anthony
Sent: Tuesday, December 10, 2019 4:00 PM
To: users at lists.strongswan.org
Subject: dynamic user cert updates


We cant seem to update our user cert dynamically ( without stopping charon ).

Our procedure is

  *   Load User Cert 1 into /etc/swanctl/x509/my-cert.crt
  *   vici_do_load()->load_conn()
  *   vici_do_connect()->init_conn()
  *   VPN tunnel comes up
  *   swanctl --list-certs, User Cert serial number is 0e
  *   vici_do_disconnect()->terminate_conn()
  *   vici_do_unload()->unload_conn()
  *   copy User Cert 2 into /etc/swanctl/x509/my-cert.crt
  *   vici_do_load()->load_conn()
  *   vici_do_connect()->init_conn()
  *   swanctl --list-certs, User Cert serial number is 0e (but it should be 0e)


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20191211/a2150df2/attachment-0001.html>

More information about the Users mailing list