[Swan] Reread RSA Public Keys

Craig Marker cmarker at inspeednetworks.com
Thu May 25 22:55:23 UTC 2017


Currently, I’m using an NSS directory with imported certificates and keys. When I import a new certificate with the same name as the previously used one, Libreswan’s list of RSA public keys (the output of ipsec auto listpubkeys) doesn’t get updated to reflect this change.

This is problematic, since Libreswan will continue to use the old public key, which is expiring, and that will eventually kill the tunnel connection. When I run ipsec restart, the RSA public keys get cleared, and when the tunnel connection is re-established, the correct RSA public key is used.

Is there some set of commands I can use, other than ipsec restart, to clear old RSA public keys and read in new ones?
