[Openswan Users] Remote users (roadwarrior) with multiple CA certs?

Tuomo Soini tis at foobar.fi
Tue Mar 27 09:39:21 EDT 2012

On Tue, 27 Mar 2012 10:20:06 +0200
Adam Rybak <arybak at ar-it.pl> wrote:

> Hello All,
>      i currently have configuration for remote users with roadwarrior
> IPSEC/L2TP - all users have certs from my private CA and ewerything
> works ok - but my CA is about to expire in the fiture - i want to
> migrate all users to new CA and new certs but i cannot do this at one
> time - i want to migrate continously - some will have old certs (old
> CA) and some will use new certs (new CA). Currently users cannot
> connect with new ca - i added new ca to the /etc/ipsec.d/cacerts/ and
> reread it but in configuration i have explicite that vpn users
> vpnt4.crt which was created in old CA context... it is possible to
> add separate cert for this new ca?

You just add new gw certificate which is signed by new ca and add new
conns with new certs.

Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>

More information about the Users mailing list