strongswan / davici

Decoupled Asynchronous VICI
GNU Lesser General Public License v2.1

Feature request: API to unload single certificate from strongswan #8

Open amdrsantos opened 2 years ago

amdrsantos commented 2 years ago

Currently, there is no davici API to remove just a single certificate from strongSwan. The only way is to clear all credentials (clear-creds command), which unloads all certificates and private keys from strongswan, and then load the ones you actually want. Refer to "How to unload a particular certificate from strongswan".

This is a limitation, because when a certificate is unloaded, all traffic must be re-started, even if the certificate is not being used at all.

Is it possible to improve the davici library to get rid of this limitation?

Thanks in advance, Alex

amdrsantos commented 2 years ago

Any update on this topic?