I'm not sure that I should post it on a OpenBSD mailling list because my ISAKMPD is working well with pre-shared key. The only bog come from the certificate. I know that I should create a CA certificate, a certificate for the OBSD and one for the remote user. but what should I export to OpenBSD and remote user??? and I did a search with openssl and altSubjectName that why I didn't found anything!! My bad. In simple word, my question is does my two host need to have their certificate, the remote certificate, the CA certificate, and their private key??? I think it must have the remote cert, the local cert and the corresponding priv key but not sure about CA cert??? Thx to all for help!!!
On 3/9/06, Brian Candler <[EMAIL PROTECTED]> wrote: > On Thu, Mar 09, 2006 at 09:13:05AM -0500, Doug Frippon wrote: > > I most admit that I haven`t tried that search exactly but I ve got > > this error with ISAKMPD adn try with that instead of openssl. > > Thx > > But I'd like to know what should I do with all the certs that I have > > to create. Which should go on the host pc (my OBSD where the CA is and > > etc...) and wich on the user pc > > Well, you originally asked how to use OpenSSL to create certificates with > subjectAltName. > > You are now asking a different question, which is very specific to OpenBSD's > IPSEC/IKE implementation. I'd suggest that you are more likely to get an > answer on an OpenBSD mailing list. > > When you post there, make sure you post your full pluto/isakmpd config, a > dump of your certificates, and all the relevant log entries which are > generated when you attempt to bring up a connection. > > If you have a working configuration using PSK, then you could post that too, > as it probably only needs a few tweaks to turn it into a certificate-based > one. > > Regards, > > Brian. > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]