On 1/9/2022 10:56 PM, Paul Wouters wrote:
On Fri, 7 Jan 2022, Mirsad Goran Todorovac wrote:
I did a little something and attached it. I hope it isn't too
terrible for common users to understand :-/
Thanks! I'll put it up in our wiki!
Note that for the server side, you could use LetsEncrypt to get a
certificate. The server and client do not neccessarilly have to use the
same CA. That way, the Root CA for the certificate is already present
on the android device. It should not need to Root CA of the client, as
it should just use the client cert and it does not need to validate it.
I'm glad you think it's OK. If you have any requirements to the
tutorial, I will be able to add them on Tuesday I think.
I could also use ECDSA certificates, as I today did on our experimental
web servers. They are supposed to be faster on the mobile devices at
least, aren't they?
But IMHO this is separate from the Android IKEv2 configuration problem,
so I referred to what you already provided in your wiki as of cert
generation with certutil.
Mirsad
--
Mirsad Goran Todorovac
CARNet sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
--
CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
tel. +385 (0)1 3711 451
mob. +385 91 57 88 355
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
