[Openswan Users] expired/replaced certs and listpubkeys

Arne Bernin arne at alamut.de
Wed Apr 26 13:44:53 CEST 2006


Hi all!

I am wondering how to get rid of expired pubkeys without restarting
ipsec(pluto) completely. I have a VPN gateway running Openswan 2.4.4 and
a script that uses "ipsec auto --listpubkeys" to warn before a
certificate/pubkey expires. Whenever I receive a warning from this
script, I create a new cert and use "ipsec auto --replace" to change the
connection to use this new one. Unfortunately the pubkey is still there
with --listpubkeys, so my script continues to warn about the expiring
cert (and after it is expired, the pubkey is still there, with a
"fatal(expired)").
Is there a way to get rid of the pubkeys in this case? Or is
"--listpubkeys" the wrong command to achieve this?

thanks,
     arne


-- 
Arne Bernin <arne at alamut.de>

http://www.ucBering.de




