[Openswan Users] Remote users (roadwarrior) with multiple CA certs?

Tuomo Soini tis at foobar.fi
Tue Mar 27 09:39:21 EDT 2012


On Tue, 27 Mar 2012 10:20:06 +0200
Adam Rybak <arybak at ar-it.pl> wrote:

> Hello All,
> 
> I currently have a configuration for remote users with roadwarrior
> IPSEC/L2TP - all users have certs from my private CA and everything
> works OK - but my CA is about to expire in the future - I want to
> migrate all users to a new CA and new certs but I cannot do this at one
> time - I want to migrate continuously - some will have old certs (old
> CA) and some will use new certs (new CA). Currently users cannot
> connect with the new CA - I added the new CA to /etc/ipsec.d/cacerts/ and
> reread it but in the configuration I have explicitly that vpn users
> vpnt4.crt which was created in the old CA context... Is it possible to
> add a separate cert for this new CA?

You just add a new gw certificate which is signed by the new CA and add
new conns with the new certs.

-- 
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
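
An added example, not part of the original thread: one way the suggestion above could look in ipsec.conf, with one roadwarrior conn per CA so old and new certificates work side by side during the migration. Only `vpnt4.crt` comes from the thread; the conn names, the new gateway certificate file name, both CA DNs and the L2TP/IPsec settings are assumptions.

```conf
# /etc/ipsec.conf fragment (constructed example; conn names, the new
# gateway certificate file name and both CA DNs are placeholders)

# Settings shared by both roadwarrior conns. No auto= here, so this
# section is never loaded on its own; it is only pulled in via also=.
conn l2tp-rw-common
    authby=rsasig
    type=transport
    pfs=no
    rekey=no
    left=%defaultroute
    leftprotoport=17/1701
    leftrsasigkey=%cert
    right=%any
    rightprotoport=17/%any
    rightrsasigkey=%cert

# Users not yet migrated: the gateway presents the certificate issued
# by the old CA and accepts client certificates signed by the old CA.
conn l2tp-rw-oldca
    also=l2tp-rw-common
    leftcert=vpnt4.crt
    rightca="C=XX, O=Example, CN=Old CA"    # placeholder DN
    auto=add

# Migrated users: same settings, but the gateway presents a second
# certificate issued by the new CA and accepts client certificates
# signed by the new CA.
conn l2tp-rw-newca
    also=l2tp-rw-common
    leftcert=NEW-GW-CERT.crt                # placeholder file name
    rightca="C=XX, O=Example, CN=New CA"    # placeholder DN
    auto=add
```

The new gateway certificate also needs its private key listed in /etc/ipsec.secrets, and both CA certificates stay in /etc/ipsec.d/cacerts/ until the last old-CA user has been migrated. After that, removing the old-CA conn and the old CA certificate stops old client certificates from being accepted.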

