[prev in list] [next in list] [prev in thread] [next in thread]
List: strongswan-users
Subject: [strongSwan] Certificates - 2 queries
From: michael.potter () mackay ! co ! uk (Michael Potter)
Date: 2006-06-30 14:14:19
Message-ID: 44A5158B.2030105 () mackay ! co ! uk
[Download RAW message or body]
Hallo and thanks for all earlier help
I have 3 questions now regarding certificates.
1. If I would like to start from the beginning again with regard to
certificates can I simply delete all the certificates that I created and
deployed and start the index.txt and serial files from the beginning
again - then just go through the whole process of creating the CA etc.,
or would there be traces of info that would not allow this?
2. When I first got a test net-net tunnel set up, I created the CA on
one machine and copied it over to the other, then I created the host
requests and certs on the individual machines - now in an example I have
been looking at prior to looking into setting up a roadwarrior
connection, I see that besides the CA being created on just one machine
and copied over, the host/user certs are also created on the one
machine, renamed and then copied out to the other gate and to clients.
Is this the pattern I should follow, of using one of the tunnel gateways
as the machine on which to generate all certs/keys, then renaming and
copying over as necessary?
3. In the example I was looking at, the person was using the CA.sh
script to generate certs - is there any special difference between using
the CA.sh script or using the commands as shown in the strongSwan
documentation? The persons example that I refer to was to do with
openswan but I suppose cert matters might be the same with strongSwan.
best wishes
Michael Potter
-----
This email is subject to Mackays Terms and Conditions which may be found at www.mackay.co.uk/emailtc.php
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic