You can create all certificates, keys etc. on one machine. As soon as you're done with creating all certificates you copy the appropriate files to the corresponding machines.
Search the web for a detailed tutorial on how to create a CA and issue certificates with OpenSSL. Get back to the mailing list if you have questions. Please include error messages as well. I don't see the reason why you copy strongswanKey.pem (the key of the CA) from moon to sun. This key should be kept secret. You can create the CA infrastructure on a completely different machine. None of the IPsec peers has (or say should) be involved. abhishek kumar wrote: > hello.. > plz tell me how to create host certificate and key. > > this how i have done in the case of host-host case: > > 1. created strongswanCert.pem, strongswanKey.pem [at moon] using the README > file. > 2. then i pasted strongswanCert.pem, strongswanKey.pem at sun. > 3. created hostCert.pem, hostReq.pem at the respective moon and sun. > 4. certificate request is signed by CA [ in openssl.conf , it is > CA=strongswanCert.pem ] both at moon and sun. > 5. then it created hostKey.pem both at moon and sun. > > is above five step right? if not plz help me finding the mistake. _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
