List: strongswan-users
Subject: [strongSwan] strongSwan certificates requirements
From: hburde () t-online ! de (Holger Burde)
Date: 2006-06-23 16:49:25
Message-ID: 1151070633.2779.18.camel () marvin ! burde-consulting ! de
Hi;
There is a Perl wrapper called CA.pl (Red Hat: openssl-perl.rpm) which
makes things easier. The command that creates the CA also sets up the
CRL files in one step.
hb
On Friday, 23.06.2006, at 11:13 +0100, Michael Potter wrote:
> Having come to the conclusion that my failure to make a working vpn with
> strongSwan so far is due to my not understanding the certificate
> generation and deployment, I tried to go over the documented process
> more carefully.
>
> My result was that after generating a CA certificate
> (organisationKey.pem/organisationnameCert.pem) and placing the *Cert.pem
> in /etc/ipsec.d/cacerts/, I then went on to create the host or user
> certificate (thisHostReq.pem/thisHostKey.pem).
>
> The problem then arises that when I try to sign the thisHostReq.pem I
> get an error to do with missing /etc/ipsec.d/index.txt and
> /etc/ipsec.d/serial files??
>
> When looking for info, I get things that suggest that I might have to do
> something to create these files, but am not sure what. There is some
> mention of a make init command to use with a makefile posted somewhere,
> but I am hoping that someone can point me to info or provide it which
> will demystify this point.
>
> I am supposing that once I can make the thishostCert.pem then just
> putting it in the place as described in the documentation, and then
> doing the same at the host at the other end of the vpn tunnel and
> copying the thisOrganisationCert.pem over to the other end of the vpn is
> perhaps the necessary deployment of keys/certs?? (Plus of course
> referencing the host certificate in the ipsec.conf file).
>
> I would be happy to read it up if I knew where to find the directions in
> one place, but so far am passing to and fro and not finding the
> different parts of directions coming together understandably.
>
> Michael.
>
> p.s. using Slackware 10.2 with 2.6 kernel, strongSwan-2.7.1, the openssl
> is the one that came with the slackware installation. Seeing things
> about make init that are perhaps to do with openssl
> configuration/installation, I am wondering whether I need to actually
> make and install openssl to complete it for this situation?
>
> M
>
--
--- -- -
Dipl. Inform. H. Burde
EMail : <hburde@t-online.de>| <hburde@uni-bremen.de>
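
Added example, not part of the original thread and not strongSwan or OpenSSL project code: a manual setup of the index.txt and serial files that the signing error in the question refers to, plus a minimal configuration that points `openssl ca` at them. The function names, the ca.cnf file name, the private/ location of the CA key, the location of thisHostReq.pem and the policy values are assumptions; the .pem file names and /etc/ipsec.d come from the thread.

```shell
#!/bin/sh
# Added example. Function names, ca.cnf and the private/ key location are
# assumptions; the .pem file names and /etc/ipsec.d come from the thread.

# Create the bookkeeping files `openssl ca` expects; safe to re-run.
init_ca_db() {
    ca_dir=$1
    mkdir -p "$ca_dir/newcerts" "$ca_dir/private" "$ca_dir/certs" || return 1
    chmod 700 "$ca_dir/private"          # CA key must not be world-readable
    # index.txt: database of issued certificates, starts out empty
    [ -e "$ca_dir/index.txt" ] || : > "$ca_dir/index.txt"
    # serial: next serial number in hex; never reset an existing counter
    [ -s "$ca_dir/serial" ] || echo 01 > "$ca_dir/serial"
}

# Write a minimal config whose [ CA_default ] section points at those files.
write_ca_conf() {
    ca_dir=$1
    cat > "$ca_dir/ca.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = $ca_dir
database = \$dir/index.txt
serial = \$dir/serial
new_certs_dir = \$dir/newcerts
certificate = \$dir/cacerts/organisationnameCert.pem
private_key = \$dir/private/organisationKey.pem
default_md = sha256
default_days = 365
policy = policy_any
[ policy_any ]
countryName = optional
organizationName = optional
commonName = supplied
EOF
}

# Sign the host request; needs the CA key and certificate in place.
sign_host_req() {
    ca_dir=$1
    openssl ca -config "$ca_dir/ca.cnf" -batch -notext \
        -in "$ca_dir/thisHostReq.pem" -out "$ca_dir/certs/thisHostCert.pem"
}

# Runs only when CA_DIR is set, e.g. CA_DIR=/etc/ipsec.d
if [ -n "${CA_DIR:-}" ]; then
    init_ca_db "$CA_DIR" && write_ca_conf "$CA_DIR"
fi
```

Each successful `sign_host_req` appends a line to index.txt and increments serial, which is why an existing serial file is left untouched on re-run.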