Greetings,

I have read with interest previous folk's descriptions of getting Hybrid
Mode IKE for Secure Remote VPN connections up and running with "roll your
own" certificates.

Phoneboy mentioned using OpenSSL to create the user certificates and I must
confess that I am drawing a blank as to exactly how that is done.

I have implemented my CA on my firewall in order to get it ready for Hybrid
IKE by following the previous.

On the management console:
1) fwstop
2) fw internalca create -dn "o=mycompany, c=mycountrycode"
3) fw internalca certify -o myfwhostname "o=mycompany, c=mycountrycode"
4) fwstart

I can now properly see the new CA in my GUI policy editor and everything
looks ready to go.

My VPN with Secure Remote clients is currently set up and working with both
IKE and FWZ as options at the moment and is working properly with password
authentication only (but not for long). I am using Checkpoint/VPN1 4.1 SP4.

However, I don't know the next step. I don't want to pay for some package to
produce user certificates (Entrust etc.), and would really like to manage my
own free ones (the VPN users are going to be a small private group and will
be easy to manage).

What type of certificates (X.509 etc. etc.) am I going to create with
OpenSSL (BTW - I have the latest version of OpenSSL)? Could someone perhaps
suggest a command line sequence I might use?

I assume I run OpenSSL against the cert/CA I created on Firewall 1
somehow, but am a little unclear as to how this is done. I have reviewed the
OpenSSL docs and the archives of this and other lists without luck.

Thanks in advance!

[ Iain Gunther  ][  Director of R&D ][  Ezenet Inc. ]
[ http://www.ezenet.com ][ mailto:[EMAIL PROTECTED] ]

