+1 If the certificate is still working do the updates step by step and when you have successfully distributed the certificate make the switch. Eliezer ---- Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: eliezer@xxxxxxxxxxxx -----Original Message----- From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Bruno de Paula Larini Sent: Tuesday, January 15, 2019 19:33 To: squid-users@xxxxxxxxxxxxxxx Subject: Re: ssl bump, CA certificate renewal, how to? Em 15/01/2019 15:01, Dmitry Melekhov escreveu: > > 5 years, really, not very long period of time, if I'll be sure to not > work here in 5 years then I'll use this ;-) , unfortunately I'm not :-( > > I don't need to replace certificate every year or so, but I need to > have minimal service interruption for every user during certificate > replacement, > > and I'm sure that certificate will need replacement for some reason. > If your clients are running Windows and are AD members, you could distribute the certificates very easily via GPO. If not I can only think of a scripted solution on client's side, as Eliezer suggested. As for avoiding the downtime, try to add, not replace the new one in the clients' certificate store beforehand. When you're certain that all of the clients are updated, then switch the Squid's CA. -Bruno _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
