Thx Brian, that's exactly what I was trying to figure out. For the part on where the cert goes and how to tell apps to use it, it's ok, but almost from the beginning I thought that my cert had been made incorrectly, so that's why I was posting here. From that point I should be able to make it work. Thanks to you for all the help you provided me.

Doug2die4 =-)

On 3/9/06, Brian Candler <[EMAIL PROTECTED]> wrote:
> On Thu, Mar 09, 2006 at 10:46:51AM -0500, Doug Frippon wrote:
> > I'm not sure that I should post it on an OpenBSD mailing list because
> > my ISAKMPD is working well with pre-shared key. The only bug comes from
> > the certificate. I know that I should create a CA certificate, a
> > certificate for the OBSD and one for the remote user. But what should
> > I export to OpenBSD and remote user???
>
> That's very much an application question.
>
> I don't use OBSD so I can only talk in generalities. OBSD needs to have a
> private key, and it needs to have a certificate containing the public key
> corresponding to its private key. The same applies at the client end.
>
> Additionally, both OBSD and the client need to have the root CA certificate
> for your CA in the right place.
>
> How exactly you do this is very much a question on how you configure OBSD,
> and how you configure the client.
>
> > and I did a search with openssl
> > and altSubjectName, that's why I didn't find anything!! My bad. In
> > simple words, my question is: do my two hosts need to have their
> > certificate, the remote certificate, the CA certificate, and their
> > private key???
>
> Almost. Each host needs to have their own private key, their own
> certificate, and the CA certificate, in the right places. When the isakmp
> exchange takes place, each side will present its certificate to the other
> side. So you don't need to store the other side's certificate anywhere.
>
> Brian.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
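
The layout described in the quoted reply, as an added example that is not part of the original thread: a CA, then a private key and CA-signed certificate per host, with each host checking the other's presented certificate using only the CA certificate. The hostnames, CA name and file names are constructed for illustration, and where isakmpd or the client expects these files is not covered here.

```shell
#!/bin/sh
# Added example. Hostnames, CA name and file layout are constructed; keys are throwaway.
set -eu

# build_pki DIR: create the CA, then one key + certificate per host.
build_pki() {
    dir=$1
    openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null
    openssl req -new -key "$dir/ca.key" -subj "/CN=Example Test CA" -out "$dir/ca.csr"
    printf 'basicConstraints=critical,CA:TRUE\n' > "$dir/ca.ext"
    openssl x509 -req -in "$dir/ca.csr" -signkey "$dir/ca.key" -days 365 \
        -extfile "$dir/ca.ext" -out "$dir/ca.crt" 2>/dev/null
    issue_host "$dir" gw.example.test
    issue_host "$dir" roadwarrior.example.test
}

# issue_host DIR NAME: private key, CSR, and a CA-signed cert carrying subjectAltName.
issue_host() {
    dir=$1; name=$2
    openssl genrsa -out "$dir/$name.key" 2048 2>/dev/null
    openssl req -new -key "$dir/$name.key" -subj "/CN=$name" -out "$dir/$name.csr"
    printf 'subjectAltName=DNS:%s\n' "$name" > "$dir/$name.ext"
    openssl x509 -req -in "$dir/$name.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 365 -extfile "$dir/$name.ext" \
        -out "$dir/$name.crt" 2>/dev/null
}

# key_matches_cert KEY CERT: true when CERT contains the public half of KEY.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout | openssl sha256)
    c=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)
    [ "$k" = "$c" ]
}

# peer_cert_ok CA PEERCERT: the check a host applies to the certificate its
# peer presents during the exchange; only the CA certificate is held locally.
peer_cert_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
build_pki "$work"
for h in gw.example.test roadwarrior.example.test; do
    key_matches_cert "$work/$h.key" "$work/$h.crt" && echo "$h: key matches certificate"
    peer_cert_ok "$work/ca.crt" "$work/$h.crt" && echo "$h: certificate chains to the CA"
done
```

Each host ends up holding three files: its own `.key`, its own `.crt`, and `ca.crt`. The `.csr`, `.ext` and `ca.key` files stay with whoever runs the CA.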