Em 15/01/2019 15:01, Dmitry Melekhov escreveu:
5 years, really, not very long period of time, if I'll be sure to not
work here in 5 years then I'll use this ;-) , unfortunately I'm not :-(
I don't need to replace certificate every year or so, but I need to
have minimal service interruption for every user during certificate
replacement,
and I'm sure that certificate will need replacement for some reason.
If your clients are running Windows and are AD members, you could
distribute the certificates very easily via GPO. If not I can only think
of a scripted solution on client's side, as Eliezer suggested.
As for avoiding the downtime, try to add, not replace the new one in the
clients' certificate store beforehand. When you're certain that all of
the clients are updated, then switch the Squid's CA.
-Bruno
_______________________________________________
squid-users mailing list
[email protected]
http://lists.squid-cache.org/listinfo/squid-users
