15.01.2019 21:33, Bruno de Paula Larini пишет:
Em 15/01/2019 15:01, Dmitry Melekhov escreveu:
5 years, really, not very long period of time, if I'll be sure to not
work here in 5 years then I'll use this ;-) , unfortunately I'm not :-(
I don't need to replace certificate every year or so, but I need to
have minimal service interruption for every user during certificate
replacement,
and I'm sure that certificate will need replacement for some reason.
If your clients are running Windows and are AD members, you could
distribute the certificates very easily via GPO. If not I can only
think of a scripted solution on client's side, as Eliezer suggested.
I guess we have not more 1/3 of computers in AD, and not all of them are
windows , we also have linux and macos...
As for avoiding the downtime, try to add, not replace the new one in
the clients' certificate store beforehand. When you're certain that
all of the clients are updated, then switch the Squid's CA.
-Bruno
Thank you very much, this simple and efficient :-)
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
