
List:       openikev2-users
Subject:    [openikev2-users] IKE_AUTH problem solved
From:       alejandro_perez () dif ! um ! es (Alejandro Perez Mendez)
Date:       2006-07-17 8:06:15
Message-ID: 1153116420.19998.13.camel () localhost ! localdomain


> Hello,
>  
> I have read the log output. I made a mistake in the role
> definition. After correcting it,
> my problem with IKE_AUTH is solved.
> Thank you for all your help.

Good news
 
> In addition, I downloaded openikev2 version 0.92. In the
> openikev2.conf file,
> certificate files named certificate1, certificate2, ca_certificate1,
> ca_certificate2, cert_white_list and cert_black_list are needed.
> Are they all needed?

certificate1, certificate2 are the certificates (in preference order)
you will use to authenticate yourself when using cert authentication. You can
have one or more. For example, you may have myVerisignCertificate,
myWorkCertificate, myTestCertificate, etc. If this list is empty, you
cannot authenticate against others using certificates.

ca_certificates are the trusted certification authorities which are
valid for the received certificate payloads. If a peer authenticates
itself using a valid certificate from one of your valid CAs, then the
authentication will succeed.

cert_white_list is a list of certificates which are trusted by you, even if
their issuer CA is not in the ca_certificate list.

cert_black_list is a list of certificates which are blocked, denied or
untrusted by you, even if their issuer CA is in the ca_certificate list.

> I searched the Internet and found that the private key, public
> key and certificate can be generated by openssl, and I
> wonder how to generate such PEM and DER format files in the openikev2
> software? Is it the same?

OpenIKEv2 doesn't have any way to generate certificates. You must use another
tool (such as openssl) to do that. Concretely, we use openssl :)


-- 
Alejandro Perez Mendez <alejandro_perez@dif.um.es>
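
Added example, not part of the original message and not OpenIKEv2 code: one way to produce the files discussed above with openssl, namely a test CA, a CA-signed peer certificate in PEM, and the same certificate re-encoded as DER. The file names mirror the config entries named in the message and, like the subjects and lifetimes, are assumptions; the message does not say which encoding openikev2.conf expects.

```shell
#!/bin/sh
# Added example: file names are assumptions mirroring the config entries named
# in the message; subjects and lifetimes are constructed test values.

# make_ike_certs DIR: create a test CA and one CA-signed peer certificate in DIR.
make_ike_certs() {
    dir=$1
    umask 077    # keys are written unencrypted (-nodes); keep them owner-only

    # 1. Self-signed CA: the certificate a peer would list as a trusted CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Test CA" \
        -keyout "$dir/ca_key.pem" -out "$dir/ca_certificate1.pem" 2>/dev/null || return 1

    # 2. Peer private key plus a certificate signing request.
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=peer1.example.test" \
        -keyout "$dir/certificate1_key.pem" -out "$dir/certificate1.csr" 2>/dev/null || return 1

    # 3. The CA signs the request; the result is the peer's own certificate (PEM).
    openssl x509 -req -in "$dir/certificate1.csr" -days 365 -set_serial 1 \
        -CA "$dir/ca_certificate1.pem" -CAkey "$dir/ca_key.pem" \
        -out "$dir/certificate1.pem" 2>/dev/null || return 1

    # 4. Same certificate re-encoded as DER (binary); PEM is base64-wrapped DER.
    openssl x509 -in "$dir/certificate1.pem" -outform DER \
        -out "$dir/certificate1.der" || return 1

    # 5. Check the chain as a relying peer would: it must verify under the CA.
    openssl verify -CAfile "$dir/ca_certificate1.pem" "$dir/certificate1.pem" >/dev/null
}

# cert_fingerprint FILE FORMAT: SHA-256 fingerprint; FORMAT is PEM or DER.
cert_fingerprint() {
    openssl x509 -in "$1" -inform "$2" -noout -fingerprint -sha256
}

out=$(mktemp -d)
if make_ike_certs "$out"; then
    echo "PEM: $(cert_fingerprint "$out/certificate1.pem" PEM)"
    echo "DER: $(cert_fingerprint "$out/certificate1.der" DER)"
fi
```

The two printed fingerprints match because PEM and DER are two encodings of the same certificate; only ca_certificate1.pem and certificate1.* are meant to be shared, while ca_key.pem and certificate1_key.pem stay private.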
