[squid-users] ssl bump, CA certificate renewal, how to?

eliezer at ngtech.co.il eliezer at ngtech.co.il
Wed Jan 16 21:16:58 UTC 2019


+1

If the certificate is still working, do the updates step by step, and when you have successfully distributed the certificate, make the switch.

Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il


-----Original Message-----
From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Bruno de Paula Larini
Sent: Tuesday, January 15, 2019 19:33
To: squid-users at squid-cache.org
Subject: Re: [squid-users] ssl bump, CA certificate renewal, how to?

On 15/01/2019 15:01, Dmitry Melekhov wrote:
>
> 5 years is, really, not a very long period of time; if I were sure not to 
> work here in 5 years then I'd use this ;-) , unfortunately I'm not :-(
>
> I don't need to replace the certificate every year or so, but I need to 
> have minimal service interruption for every user during certificate 
> replacement,
>
> and I'm sure that the certificate will need replacement for some reason.
>
If your clients are running Windows and are AD members, you could 
distribute the certificates very easily via GPO. If not, I can only think 
of a scripted solution on the client side, as Eliezer suggested.
As for avoiding the downtime, try to add the new one to the clients' 
certificate store beforehand rather than replacing the old one. When 
you're certain that all of the clients are updated, then switch Squid's CA.

-Bruno
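
The add-then-switch rollover suggested above, as an added example that is not part of the original thread: it shows that a client trusting only the old CA rejects certificates minted under the new one, while a client with both CAs installed accepts either, so the switch on the Squid side causes no interruption. It assumes the openssl CLI on a Linux client; the CA names, file names and the helper functions (make_ca, make_leaf, trusts, ready_for_switch) are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. The two CAs and the leaf certificates below are throwaway,
# constructed stand-ins for Squid's old and new ssl-bump signing CA.
WORK=$(mktemp -d)

make_ca() {    # $1 = file stem, $2 = subject CN
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

make_leaf() {  # $1 = file stem, $2 = stem of the signing CA
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/$1.csr" -days 7 -CAcreateserial \
        -CA "$WORK/$2.pem" -CAkey "$WORK/$2.key" -out "$WORK/$1.pem" 2>/dev/null
}

# Succeeds when certificate $2 chains to a CA in trust bundle $1.
trusts() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Readiness check for one client: is the new CA already in its bundle?
# $1 = the client's trust bundle, $2 = the new CA certificate.
ready_for_switch() { trusts "$1" "$2"; }

make_ca old "Old Proxy CA (constructed)"
make_ca new "New Proxy CA (constructed)"
make_leaf leaf_old old   # what Squid mints before the switch
make_leaf leaf_new new   # what Squid mints after the switch

cp "$WORK/old.pem" "$WORK/client_before.pem"                     # old CA only
cat "$WORK/old.pem" "$WORK/new.pem" > "$WORK/client_staged.pem"  # new CA added

report() {  # $1 = label, $2 = trust bundle
    for leaf in leaf_old leaf_new; do
        if trusts "$2" "$WORK/$leaf.pem"; then r=ok; else r=FAIL; fi
        echo "$1: $leaf -> $r"
    done
}
report "old CA only " "$WORK/client_before.pem"
report "old + new CA" "$WORK/client_staged.pem"
```

Running ready_for_switch against each client's real trust bundle gives the "all clients are updated" signal before the CA is changed on the proxy.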