[osiris-devel] key regeneration (expiration time = 1 year, so be ready for headache after 1 year of successful running)
Alexei_Roudnev
Alexei_Roudnev at exigengroup.com
Sat Sep 25 03:17:16 EDT 2004
Hmm; I hacked the daemon (so that it generates keys valid for 10 years) and it took only 3 hours to clean old keys and restart agents on 100 servers (so if you have 1000 servers, you can complete everything in a week -:) even without automation). Btw, X509 does not allow generating keys valid for 100 years -:).
Anyway, it should have some bypass and a long term solution; long term can be (allow 2 different certificates to coexist, and push the new certificate if the agent has the old one); short term - some script. I found a pretty simple GUI for Windows, allowing to install a service remotely (having a simple exe file), which can be used for remote agent installation; maybe something like this can be done in this case as well (change of certificate, change of central server, etc).