[Openswan Users] CA Cert Expired!!

Agent Smith news8080 at yahoo.com
Mon Nov 14 08:01:02 CET 2005



Thanks for that, I was able to generate a new cacert
and it does show up as a valid cert now in the 'ipsec
auto --listcacerts' output. The tunnels are still
broken with the same error message.

Any suggestions?


--- Andreas Steffen <andreas.steffen at strongsec.net> wrote:

> Just take the old RSA private key and re-issue the CA certificate
> with the desired validity interval. Make sure that neither the
> serial number nor the distinguished name gets changed. The
> command
>
>    openssl req -x509 -new -key cakey.pem -days 3650 -out cacert.pem
>
> should achieve this. Then redeploy the CA certificate to all
> IPsec peers.
>
> Regards
>
> Andreas
>
> Agent Smith wrote:
> > I got a real problem here and can use some help if
> > someone can provide it.
> >
> > The CA certificate on my L2TP connections has expired
> > and I'd hate for all of the remote users to
> > re-generate themselves a new certificate just because I
> > screwed up and did not look at the 'ipsec auto
> > --listcacerts' output when I first generated this
> > cert. It looks like it has a default life of 30 days.
> >
> > Is it even possible to reuse this CA cert? Or am I
> > totally screwed here?
> >
> > Anyone?
>
> =======================================================================
> Andreas Steffen                   e-mail: andreas.steffen at strongsec.com
> strongSec GmbH                    home:   http://www.strongsec.com
> Alter Zürichweg 20                phone:  +41 1 730 80 64
> CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
> ==========================================[strong internet security]===
>
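
The quoted reply requires the re-issued CA certificate to keep the old key, distinguished name and serial number. The script below checks exactly that and confirms an already-issued peer certificate still verifies. It is an added example, not part of the original thread. The file names, the throwaway "Demo CA" and the `-subj`/`-set_serial` values are assumptions.

```shell
#!/bin/sh
# Added example. File names and the throwaway "Demo CA" are constructed.

# Print one field of a certificate, e.g. -subject, -serial or -pubkey.
cert_field() { openssl x509 -in "$1" -noout "$2"; }

# Return 0 only if the re-issued CA cert ($2) keeps the subject DN, public
# key and serial of the old one ($1), is within its validity period, and
# still verifies an already-issued peer certificate ($3, optional).
check_reissued_ca() {
    old=$1; new=$2; peer=${3:-}; rc=0
    for f in -subject -pubkey -serial; do
        if [ "$(cert_field "$old" "$f")" != "$(cert_field "$new" "$f")" ]; then
            echo "MISMATCH: $f differs between old and new CA cert" >&2; rc=1
        fi
    done
    openssl x509 -in "$new" -noout -checkend 0 >/dev/null ||
        { echo "new CA cert is already expired" >&2; rc=1; }
    if [ -n "$peer" ]; then
        openssl verify -CAfile "$new" "$peer" >/dev/null 2>&1 ||
            { echo "peer cert does not verify against new CA cert" >&2; rc=1; }
    fi
    return "$rc"
}

# Build a constructed test PKI in a temp dir and print its path:
#   old.pem  30-day CA cert        peer.pem  peer cert signed under old.pem
#   new.pem  same key/DN/serial    bad.pem   same key, different DN
make_demo() {
    d=$(mktemp -d) || return 1
    ( cd "$d" &&
      openssl genrsa -out cakey.pem 2048 &&
      openssl req -x509 -new -key cakey.pem -days 30 -subj "/CN=Demo CA" -set_serial 1 -out old.pem &&
      openssl genrsa -out peerkey.pem 2048 &&
      openssl req -new -key peerkey.pem -subj "/CN=demo peer" -out peer.csr &&
      openssl x509 -req -in peer.csr -CA old.pem -CAkey cakey.pem -set_serial 2 -days 30 -out peer.pem &&
      openssl req -x509 -new -key cakey.pem -days 3650 -subj "/CN=Demo CA" -set_serial 1 -out new.pem &&
      openssl req -x509 -new -key cakey.pem -days 3650 -subj "/CN=Other CA" -set_serial 1 -out bad.pem
    ) >/dev/null 2>&1 || return 1
    echo "$d"
}

dir=$(make_demo) &&
    check_reissued_ca "$dir/old.pem" "$dir/new.pem" "$dir/peer.pem" &&
    echo "re-issued CA cert is a drop-in replacement"
```

On a real gateway, pass the expired CA certificate, the re-issued one and any one client certificate to `check_reissued_ca`; a reported mismatch names the field that changed during re-issue.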



		