Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 406 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

miss my V6 generated remote keys after V7 upgrade

Andi
After import of V6-config I don't have the V6-generated certificates
(remote keys) for road warrier connections any more.
Former config imports always imported these keys and the CA certificate.
What can I do not to have to generate all these user certificates again and distribute them to all my users.
I couldn't find any import possibilities of these remote
keys a_n_d the CA certificate.
I don't think that it works, if I import these files manually with scp.
I'm a little bit surprised because the update procedure paper doesn't tell anything about loosing these certificates (only about loosing the  the connection settings - but this is n_o_t the same thing).
Did I oversee something ?
 
Andreas


This thread was automatically locked due to age.
Parents
  • 0
    Hi Andreas,

    we just migrated from an ASL V5 to V7. We exported all User Certificates und the CA manually and imported them afterwards. Took a while and some effort from Astaro Support to get everything working. We had an issue, that the migrated Users could connect, new ones not... So if you have a lot Remote Users you can do it. If you have only a few user, create new Certificates.

    Volker
  • 0 in reply to Volker
    If you read the migration notes, you would see that there are many items that don't migrate at all for a V6 to V7 upgrade.  We generally just generate new certs and config files.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent
    Sometimes, you just can't regenerate all certificates and than drive around to support and reconfigure alle remote users. It depends on your users...

    Volker
  • 0 in reply to Volker
    I already regenerated these certificates. I saw that it is 
    possible to import the old CA certificate for verify reason,
    but I wasn't sure weather this works with manual imported
    certificates. 
    I hadn't so many user certificates, but I was
    surprised that they do not mention that you have to regenerate
    these certificate. Once again: I read before that I have to configure
    the connections again, but it would have been better to
    mention that you have to regenerate all the certificates, because
    this could be really time wasting.
Reply
  • 0 in reply to Volker
    I already regenerated these certificates. I saw that it is 
    possible to import the old CA certificate for verify reason,
    but I wasn't sure weather this works with manual imported
    certificates. 
    I hadn't so many user certificates, but I was
    surprised that they do not mention that you have to regenerate
    these certificate. Once again: I read before that I have to configure
    the connections again, but it would have been better to
    mention that you have to regenerate all the certificates, because
    this could be really time wasting.
Children
No Data
Cookie Information Banner