On Thu, Mar 09, 2006 at 10:46:51AM -0500, Doug Frippon wrote:
> I'm not sure that I should post it on an OpenBSD mailing list because
> my ISAKMPD is working well with pre-shared key. The only bug comes from
> the certificate. I know that I should create a CA certificate, a
> certificate for the OBSD and one for the remote user. But what should
> I export to OpenBSD and remote user???

That's very much an application question. I don't use OBSD so I can only
talk in generalities.

OBSD needs to have a private key, and it needs to have a certificate
containing the public key corresponding to its private key. The same
applies at the client end. Additionally, both OBSD and the client need to
have the root CA certificate for your CA in the right place.

How exactly you do this is very much a question on how you configure OBSD,
and how you configure the client.

> and I did a search with openssl
> and altSubjectName, that's why I didn't find anything!! My bad. In
> simple words, my question is: do my two hosts need to have their
> certificate, the remote certificate, the CA certificate, and their
> private key???

Almost. Each host needs to have their own private key, their own
certificate, and the CA certificate, in the right places.

When the isakmp exchange takes place, each side will present its
certificate to the other side. So you don't need to store the other side's
certificate anywhere.

Brian.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
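
The file layout described in the reply above, as an added example that is not part of the original thread: each host ends up with its own key, its own certificate and the CA certificate, and validates the peer's presented certificate against the CA alone. The host names, CA name and directory layout are constructed for illustration and are not isakmpd's own paths; the certificate carries the host name in `subjectAltName`.

```shell
#!/bin/sh
# Added example. All names (demo-ca, gw.example.test, ...) are constructed.
set -e

make_ca() {            # $1 = output dir, $2 = CA common name
    mkdir -p "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

make_host() {          # $1 = CA dir, $2 = host dir, $3 = host FQDN
    mkdir -p "$2"
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$2/host.key" -out "$2/host.csr" 2>/dev/null
    printf 'subjectAltName=DNS:%s\n' "$3" > "$2/san.ext"
    openssl x509 -req -in "$2/host.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -extfile "$2/san.ext" -out "$2/host.crt" 2>/dev/null
    cp "$1/ca.crt" "$2/ca.crt"       # the only CA material a host receives
    rm -f "$2/host.csr" "$2/san.ext"
}

# The private key must belong to the host's own certificate.
key_matches_cert() {   # $1 = private key, $2 = certificate
    [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = \
      "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# What a host does with the certificate its peer presents during the
# exchange: validate it against the locally stored CA certificate only.
peer_accepts() {       # $1 = verifying host dir, $2 = presented certificate
    openssl verify -CAfile "$1/ca.crt" "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d)
    make_ca "$d/ca" demo-ca
    make_host "$d/ca" "$d/gw" gw.example.test
    make_host "$d/ca" "$d/client" client.example.test
    ls "$d/gw"                       # lists ca.crt, host.crt, host.key
    peer_accepts "$d/gw" "$d/client/host.crt" && echo "gateway accepts client"
    peer_accepts "$d/client" "$d/gw/host.crt" && echo "client accepts gateway"
    rm -rf "$d"
}
demo
```

The CA private key (`ca.key`) stays in the CA directory and is never copied to either host.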