[squid-users] ssl bump, CA certificate renewal, how to?
Bruno de Paula Larini
bruno.larini at riosoft.com.br
Tue Jan 15 17:33:18 UTC 2019
Em 15/01/2019 15:01, Dmitry Melekhov escreveu:
>
> 5 years, really, not very long period of time, if I'll be sure to not
> work here in 5 years then I'll use this ;-) , unfortunately I'm not :-(
>
> I don't need to replace certificate every year or so, but I need to
> have minimal service interruption for every user during certificate
> replacement,
>
> and I'm sure that certificate will need replacement for some reason.
>
If your clients are running Windows and are AD members, you could
distribute the certificates very easily via GPO. If not I can only think
of a scripted solution on client's side, as Eliezer suggested.
As for avoiding the downtime, try to add, not replace the new one in the
clients' certificate store beforehand. When you're certain that all of
the clients are updated, then switch the Squid's CA.
-Bruno
More information about the squid-users
mailing list