On Tuesday 05 August 2003 04:49, Tim Sampson wrote:
> How does freeswan with the x509 patch know who to trust? I assume I have to
> have the client's certificate stored somewhere but I can't see this in any
> of the tutorials I have read.

Many setups use a certificate authority scheme. Rather than importing all the certs involved in the IKE negotiation, you create a self-signed CA certificate. You then issue client certificates, all signed by that CA. The clients send the certificate to the server during IKE negotiation, which can then verify the signature and authenticate the client.

--
Sam Sgro
[EMAIL PROTECTED]
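
The CA scheme described in the reply above, sketched with the openssl command line as an added example (not part of the original message and not FreeS/WAN's own tooling). The names Demo CA, client1 and rogue, the subject fields and the temporary directory are constructed for illustration.

```shell
# Constructed demo PKI: one self-signed CA, one client certificate issued
# by it, and one "rogue" self-signed certificate claiming the same name.
build_pki() {
    dir=$1
    # 1. Self-signed CA certificate: the only certificate the gateway stores.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=Example VPN/CN=Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    # 2. Client key pair and certificate signing request.
    openssl req -newkey rsa:2048 -nodes \
        -subj "/O=Example VPN/CN=client1" \
        -keyout "$dir/client1.key" -out "$dir/client1.csr" 2>/dev/null
    # 3. The CA signs the request, producing the client certificate.
    openssl x509 -req -in "$dir/client1.csr" -days 30 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/client1.pem" 2>/dev/null
    # 4. Rogue certificate: same subject, but signed by its own key.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=Example VPN/CN=client1" \
        -keyout "$dir/rogue.key" -out "$dir/rogue.pem" 2>/dev/null
}

# Gateway-side decision: does the presented certificate chain to our CA?
# Usage: chains_to_ca <ca certificate> <peer certificate>
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

PKI=$(mktemp -d)
build_pki "$PKI"
for c in client1 rogue; do
    if chains_to_ca "$PKI/ca.pem" "$PKI/$c.pem"; then
        echo "$c: accepted (signed by the CA)"
    else
        echo "$c: rejected (does not chain to the CA)"
    fi
done
```

The gateway never needs client1's certificate in advance; it only needs `ca.pem`, which is why the subject name alone (as in the rogue certificate) is not enough to be trusted.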
