[strongSwan] CA

2009-03-12 Thread abhishek kumar
Hello, please tell me how to create a host certificate and key. This is how I have done it in the host-host case: 1. created strongswanCert.pem, strongswanKey.pem [at moon] using the README file. 2. then I pasted strongswanCert.pem, strongswanKey.pem at sun. 3. created hostCert.pem, hostReq.pem at

Re: [strongSwan] CA

2009-03-14 Thread Daniel Mentz
You can create all certificates, keys etc. on one machine. As soon as you're done with creating all certificates you copy the appropriate files to the corresponding machines. Search the web for a detailed tutorial on how to create a CA and issue certificates with OpenSSL. Get back to the mailin

Re: [strongSwan] CA

2009-03-14 Thread Gbenga
Hi, Here is a good site on how to work OpenSSL: http://www.madboa.com/geek/openssl/ - Original Message From: Daniel Mentz To: abhishek kumar Cc: users@lists.strongswan.org Sent: Saturday, 14 March, 2009 14:10:35 Subject: Re: [strongSwan] CA You can create all certificates, keys

Re: [strongSwan] CA

2009-03-15 Thread Daniel Mentz
Gbenga wrote: > Here is a good site on how to work OpenSSL: > http://www.madboa.com/geek/openssl/ Well, this site seems to have lots of information about OpenSSL although it does not describe how to set up a CA. I did a web search and found the following site http://sandbox.rulemaker.net/ngps/m

Re: [strongSwan] CA

2009-03-16 Thread Dirk Hartmann
--On Sunday, March 15, 2009 09:29:16 AM +0100 Daniel Mentz wrote: > http://sandbox.rulemaker.net/ngps/m2/howto.ca.html > > I did not check it in detail and there might be better sites. But I > think if you mix the information you get from this site with the > information from the strongSwan co

[strongSwan] CA cert being discarded

2011-08-18 Thread Meera Sudhakar
Hi strongSwan team, I am trying to establish a tunnel between two end-points. They do not support pki, so I had to create the certificates using openssl. When I did this, gave "ipsec start" and then checked "ipsec listcacerts", it shows nothing. The following lines are also present in the logs: Ja

Re: [strongSwan] CA cert being discarded

2011-08-19 Thread Andreas Steffen
Hello Meera, you should self-sign the CA certificate using the openssl req -new -x509 -key cakey.pem -out cacert.csr command which will set the CA basic constraint to true. Concerning the error to write to socket problem is probably caused because either the socket-default plugin (only IKEv2 c

[strongSwan] CA certificate in response to certificate request payload in x509 authentication

2016-04-21 Thread Sameer Agrawal
Hi I am trying to establish an ipsec tunnel using x509 authentication between a Linux device (running strongswan) and another device that supports IKEv2. Both peers are using the same CA certificate to generate the local certificates. The issue I am facing is the peer is requesting CA certificate in

Re: [strongSwan] CA certificate in response to certificate request payload in x509 authentication

2016-04-22 Thread Tobias Brunner
Hi Sameer, > The issue I am facing is the peer is request CA certificate in its > certificate request payload in the message. A certificate request payload contains the SHA-1 hashes of the public keys of CAs a peer accepts (or prefers) end-entity certificates from. It's not a request to actually

Re: [strongSwan] CA certificate in response to certificate request payload in x509 authentication

2016-04-22 Thread Sameer Agrawal
Thanks Tobias So is there a way to send the SHA-1 hashes of the public keys of CAs. Do we do that already? If not, is there a way to enable it? On Fri, Apr 22, 2016 at 12:47 AM, Tobias Brunner wrote: > Hi Sameer, > > > The issue I am facing is the peer is request CA certificate in its > certific

Re: [strongSwan] CA certificate in response to certificate request payload in x509 authentication

2016-04-22 Thread Tobias Brunner
Hi Sameer, > So is there a way to send the SHA-1 hashes of the public keys of CAs. Do > we do that already? Yes, that's what's contained in the CertReq payloads sent by strongSwan. Unless rightsendcert=never is configured the daemon will send the hashes of the public keys of all loaded CA certif