[Openswan Users] expired/replaced certs and listpubkeys

Arne Bernin arne at alamut.de
Wed Apr 26 13:44:53 CEST 2006

Hi all!

I am wondering how to get rid of expired pubkeys without restarting
ipsec(pluto) completely. I have a vpn gateway running openswan 2.4.4 and
a script that uses "ipsec auto --listpubkeys" to warn before a
certificate/pubkey expires. Whenever i receive a warning from this
script, i create a new cert and use "ipsec auto --replace" to change the
connection to use this new one. Unfortunatly the pubkey is still there
with --listpubkeys, so my script continues to warn about the expiring
cert (and after it is expired, the pubkey is still there, with a
Is there a way to get rid of the pubkeys in this case ? Or is
"--listpubkeys" the wrong command to achieve this ??


Arne Bernin <arne at alamut.de>


More information about the Users mailing list