Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 3 subscribers
  • Views 2373 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN - changing cryptographic settings - will user cert/config regeneration take place

ChrisSoukup

We just found the problem for our daily VPN Client connection losses after 8 hors in the VPN SSL Advanced Cryprographic settings. The key lifetime is set by default to 28800 sec which corresponds to exactly 8 hours.

Now if we change the value to 16 hours and eventually change the key size to 2048 bit (which can be omitted) will the user certificates and/or the SSL VPN configuartion change in a way where users will be forced to download a new configuration updater from the User Portal to be able to connect again?

I'm asking because in that case I will have to prepare and educate our users before the change takes place.

BTW: does a increased keysize also needs a higher cpu performance on the router and on the endpoint?



This thread was automatically locked due to age.
Parents
  • FormerMember
    +1 FormerMember

    Hi ,

    Thanks for reaching out to the Community! 

    Changing the key life value and key size doesn't require a new configuration, and it won't re-generate the user certificate. 

    However, while I replicated these changes, a connected user got disconnected for a few seconds, then reconnected automatically. I would schedule a maintenance window to make these changes so it won't affect the production environment. 

    Yes, increasing the encryption key requires more resources. 

    Thanks,

Reply
  • FormerMember
    +1 FormerMember

    Hi ,

    Thanks for reaching out to the Community! 

    Changing the key life value and key size doesn't require a new configuration, and it won't re-generate the user certificate. 

    However, while I replicated these changes, a connected user got disconnected for a few seconds, then reconnected automatically. I would schedule a maintenance window to make these changes so it won't affect the production environment. 

    Yes, increasing the encryption key requires more resources. 

    Thanks,

Children
No Data
Unfiltered HTML