[squid-users] ssl bump, CA certificate renewal, how to?
Dmitry Melekhov
dm at belkam.com
Wed Jan 16 05:56:36 UTC 2019
15.01.2019 21:33, Bruno de Paula Larini wrote:
> On 15/01/2019 15:01, Dmitry Melekhov wrote:
>>
>> 5 years is really not a very long period of time; if I were sure I would not
>> work here in 5 years then I'd use this ;-) , unfortunately I'm not :-(
>>
>> I don't need to replace the certificate every year or so, but I need to
>> have minimal service interruption for every user during certificate
>> replacement,
>>
>> and I'm sure that the certificate will need replacement for some reason.
>>
> If your clients are running Windows and are AD members, you could
> distribute the certificates very easily via GPO. If not I can only
> think of a scripted solution on client's side, as Eliezer suggested.
I guess we have no more than 1/3 of computers in AD, and not all of them are
Windows; we also have Linux and macOS...
> As for avoiding the downtime, try to add, not replace the new one in
> the clients' certificate store beforehand. When you're certain that
> all of the clients are updated, then switch the Squid's CA.
>
> -Bruno
Thank you very much, this is simple and efficient :-)
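
The add-then-switch rollout suggested above, as an added example that is not part of the original thread: a readiness check that reads each client's exported trust bundle (PEM) and reports which machines still lack the new CA, so Squid's CA is switched only once nobody is blocked. The host names and the placeholder "certificates" are constructed sample data, not real X.509, and collecting one PEM bundle per client is an assumption about your inventory tooling.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def bundle_fingerprints(pem_text):
    """Return the SHA-256 fingerprint of every certificate block in a PEM bundle."""
    prints = set()
    for body in PEM_RE.findall(pem_text):
        der = base64.b64decode("".join(body.split()))
        prints.add(hashlib.sha256(der).hexdigest())
    return prints

def client_state(pem_text, old_fp, new_fp):
    """Classify one client by which of the two CAs its trust store contains."""
    fps = bundle_fingerprints(pem_text)
    has_old, has_new = old_fp in fps, new_fp in fps
    if has_new:
        return "both" if has_old else "new-only"
    return "old-only" if has_old else "neither"

def safe_to_switch(bundles, old_fp, new_fp):
    """Return (ok, blockers); ok is True only when every client trusts the new CA."""
    blockers = sorted(
        name for name, pem in bundles.items()
        if client_state(pem, old_fp, new_fp) in ("old-only", "neither"))
    return (not blockers, blockers)

def _fake_pem(der):
    """Wrap constructed bytes in PEM armor (placeholder, not a real certificate)."""
    b64 = base64.b64encode(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "\n-----END CERTIFICATE-----\n"

# Constructed sample data: stand-ins for the old and new Squid signing CAs.
OLD_DER = b"constructed-old-squid-ca"
NEW_DER = b"constructed-new-squid-ca"
OLD_FP = hashlib.sha256(OLD_DER).hexdigest()
NEW_FP = hashlib.sha256(NEW_DER).hexdigest()
SAMPLE_BUNDLES = {  # hypothetical host names
    "win-ad-01": _fake_pem(OLD_DER) + _fake_pem(NEW_DER),  # GPO already pushed
    "linux-07": _fake_pem(OLD_DER),                        # script not yet run
    "mac-03": _fake_pem(NEW_DER) + _fake_pem(OLD_DER),
}

if __name__ == "__main__":
    ok, blockers = safe_to_switch(SAMPLE_BUNDLES, OLD_FP, NEW_FP)
    print("switch Squid CA now" if ok else "wait, missing new CA on: %s" % blockers)
```

Clients in the "both" state are the goal before the switch; the old CA can be removed from their stores after Squid is signing with the new one.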