Hello everybody,
We are using for one year now a VPN architecture with few pix and with certificates authentication. These certificates are stored and delivered on a W2K CA server with MSCEP addon installed. (W2K sp3 with MSCEP 5.131.2195.1).
The server is a stand alone CA server and all pix are in 6.2.1 version.
The problem is that the certificates are going to be expired, especially the RA certificate - generated by MSCEP addon installation -.
How can I renew this RA certificate ?
I tried to reinstall the MSCEP addon but that generates a new RA certificate and implies that all tunnels between pix do not work anymore. (RA certificate stored on the pix is different from the new RA stored on the CA server)
How can I renew this RA without installing the MSCEP addon and without modifying existing VPN tunnels ?
Can I modify the expiration time of the RA certificate ? (one year default)
Thank you for your help.