[prev in list] [next in list] [prev in thread] [next in thread] 

List:       strongswan-users
Subject:    [strongSwan] Certificates - 2 queries
From:       michael.potter () mackay ! co ! uk (Michael Potter)
Date:       2006-06-30 14:14:19
Message-ID: 44A5158B.2030105 () mackay ! co ! uk
[Download RAW message or body]

Hallo and thanks for all earlier help

I have 3 questions now regarding certificates.

1.  If I would like to start from the beginning again with regard to 
certificates can I simply delete all the certificates that I created and 
deployed and start the index.txt and serial files from the beginning 
again - then just go through the whole process of creating the CA etc., 
or would there be traces of info that would not allow this?

2.  When I first got a test net-net tunnel set up, I created the CA on 
one machine and copied it over to the other, then I created the host 
requests and certs on the individual machines - now in an example I have 
been looking at prior to looking into setting up a roadwarrior 
connection, I see that besides the CA being created on just one machine 
and copied over, the host/user certs are also created on the one 
machine, renamed and then copied out to the other gate and to clients.  
Is this the pattern I should follow, of using one of the tunnel gateways 
as the machine on which to generate all certs/keys, then renaming and 
copying over as necessary?

3.  In the example I was looking at, the person was using the CA.sh 
script to generate certs - is there any special difference between using 
the CA.sh script or using the commands as shown in the strongSwan 
documentation?  The persons example that I refer to was to do with 
openswan but I suppose cert matters might be the same with strongSwan.

best wishes

Michael Potter

-----

This email is subject to Mackays Terms and Conditions which may be found at www.mackay.co.uk/emailtc.php

[prev in list] [next in list] [prev in thread] [next in thread]