>
> Thanks Selva for the link! Two rounds will be a bit laborious as there
> are many endpoints. If I have to go for option A (Stacked CAs on all
> clients, stacked CAs on the server then update the server), is there a
> downside with leaving an expired CA cert on all the clients ? Or can they
>
On 02.10.23 22:21, mike tancsa wrote:
If I have to go for option A (Stacked CAs on all
clients, stacked CAs on the server then update the server), is there a
downside with leaving an expired CA cert on all the clients ? Or can
they just be left there until the devices get re-imaged over time ?
On 10/2/2023 3:59 PM, Selva Nair wrote:
If you can afford two rounds of client config updates, this could be
done without step 3 -- see the following thread from users list:
https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg05983.html
Essentially, update to the stacked
On Mon, Oct 2, 2023 at 3:00 PM mike tancsa wrote:
> I am in a position where I want to start migrating users away from my
> old CA which will expire in the medium term future to a new CA. I have
> many endpoint and cant just "OK, everyone download a new files now."
> So I am looking at the step
I am in a position where I want to start migrating users away from my
old CA which will expire in the medium term future to a new CA. I have
many endpoint and cant just "OK, everyone download a new files now."
So I am looking at the steps in
https://www.hexonet.net/blog/migrating-new-ca-for
