> I'm just about to set up ipsec509. All the docs seem to indicate that
> OpenSSL is the tool to use to set up the certs. I see that certs can be
> issued by a MS website, but I think the format of the certs must be changed
> (from DER to ???) and OpenSSL is mentioned to do the conversion. Further,
> fswcert is mentioned as the tool to install the certs (I think).
>
> I don't have OpenSSL or fswcert and I only have a standalone devel system
> (slink w/ 2.0.36 I think).
>
> In the same way that SSH needs a few tools to get it up and running
> (sshkey), is there a .lrp for the tools to get ipsec509 up and running (with
> OpenSSH and fswcert) or must I find a way to build these or, better yet, are
> these unnecessary?

The whole of OpenSSL is pretty big, and I don't believe it's been packaged for LRP. I haven't packaged the required OpenSSL utilities for x.509 IPSec functionality because:

- I don't actually use x.509 Certificates...this support was compiled at the request of someone on the LEAF-user list.
- I don't generally like doing things like managing certificates (or even RSA host-keys) directly on the firewall box.
- It's pretty easy to either install OpenSSL on any handy linux system, and it's much more appropriate on a "full" distribution.
- I guess I figured anyone seriously using x.509 support for linux would have copies of these around somewhere already...

You should be able to install & compile OpenSSL on your development system pretty easily...IIRC, it compiled on my Debian Slink system without issue.

If you just need the openssl/fswcert binaries, I can probably post them, but they're pretty big (900K/500K), and I don't know what (if any) other programs are required to run (no special libraries are required, however, both programs should run OK on a default Dachstein system).

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
