[Swan] pluto doesn't reread certfificates
peter_bendel at de.ibm.com
Mon Sep 14 11:29:49 UTC 2015
Certificates have a validity and expire when the validity is expired.
Thus in a production IPsec implementation it is necessary to replace the
certificates close to the expiration date.
For production servers it is a problem if ipsec service needs to be
restarted to pick up new certificates from the
In the following two topics it is mentioned that it is a current limitation
that to re-read the NSS SQlite db the
ipsec service needs to be restarted.
It was mentioned by Paul that Matt is working on a solution (Oct. 2014).
However I didn't find any mention in the changelog that this limitation is
Are there plans to fix/change this in the near future ?
Can I somehow help ?
Peter Bendel, IBM
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Swan