Andreas Steffen <[EMAIL PROTECTED]> writes:
X.509 certificates are not supported by showhostkey. If you want to use Opportunistic Encryption you can extract the required public key from a certificate using the fswcert tool downloadable from
http://www.strongsec.com/freeswan/old.htm
Uhm. Ok. I've done so. But I'm not clear how to use fswcert.
I ran fswcert --k /etc/ipsec.d/private/stark.xeocode.comKey.pem
And substituted that output for the ": RSA..." that was present in ipsec.secrets.
ipsec.secrets now contains something like:
: RSA {
    Modulus: 0x...
    PublicExponent: 0x...
    PrivateExponent: 0x...
    Prime1: 0x...
    Prime2: 0x...
    Exponent1: 0x...
    Exponent2: 0x...
    Coefficient: 0x...
    }
Now ipsec showhostkey --txt @stark.xeocode.com says:
ipsec showhostkey: no pubkey line found -- key information old?
Which leaves me a bit stumped. What is a pubkey line? How is it different from what fswcert outputted?
If I remember correctly the public key line is inserted as a comment into ipsec.secrets and consists of the output of
fswcert -c /etc/ipsec.d/certs/myCert.pem
fswcert produces hex format starting with 0x.. whereas DNS entries now use base64 format starting with 0s...
Regards
Andreas
=======================================================================
Andreas Steffen                   e-mail: [EMAIL PROTECTED]
strongSec GmbH                    home:   http://www.strongsec.com
Alter Zürichweg 20                phone:  +41 1 730 80 64
CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
==========================================[strong internet security]===
_______________________________________________ FreeS/WAN Users mailing list [EMAIL PROTECTED] https://mj2.freeswan.org/cgi-bin/mj_wwwusr
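
Added example (not part of the original messages and not FreeS/WAN or fswcert code): the reply above notes that fswcert emits the public key as hex starting with 0x while DNS entries use base64 starting with 0s, so this sketch re-encodes one form as the other and checks that a published 0s value matches the local 0x value. The function names are hypothetical, the sample key is constructed, and the blob layout (exponent length, exponent, modulus, as in RFC 2537) is an assumption the thread does not state.

```python
import base64

def decode_key(text: str) -> bytes:
    """Decode a '0x' (hex) or '0s' (base64) key string to raw bytes."""
    prefix, body = text[:2].lower(), text[2:]
    if prefix == "0x":
        return bytes.fromhex(body)                    # ValueError on bad hex
    if prefix == "0s":
        return base64.b64decode(body, validate=True)  # rejects stray characters
    raise ValueError("key must start with 0x or 0s")

def hex_to_dns(hex_key: str) -> str:
    """Re-encode a '0x...' key as the '0s...' base64 form used in DNS."""
    if not hex_key.lower().startswith("0x"):
        raise ValueError("expected a 0x-prefixed hex key")
    return "0s" + base64.b64encode(decode_key(hex_key)).decode("ascii")

def split_rsa(raw: bytes) -> tuple[int, int]:
    """Split a key blob into (exponent, modulus).

    Assumption: RFC 2537 layout, i.e. a 1-byte exponent length (or a zero
    byte followed by a 2-byte length), then the exponent, then the modulus.
    """
    if not raw:
        raise ValueError("empty key")
    if raw[0] != 0:
        elen, off = raw[0], 1
    else:
        if len(raw) < 3:
            raise ValueError("truncated exponent length")
        elen, off = int.from_bytes(raw[1:3], "big"), 3
    exponent, modulus = raw[off:off + elen], raw[off + elen:]
    if len(exponent) != elen or not modulus:
        raise ValueError("truncated key")
    return int.from_bytes(exponent, "big"), int.from_bytes(modulus, "big")

def same_key(a: str, b: str) -> bool:
    """True when two strings (any mix of 0x / 0s) carry the same key bytes."""
    return decode_key(a) == decode_key(b)

# Constructed sample, far too short to be a real key: e = 3, 32-bit modulus.
SAMPLE_HEX = "0x0103c3a5f10b"

if __name__ == "__main__":
    dns = hex_to_dns(SAMPLE_HEX)
    e, n = split_rsa(decode_key(dns))
    print(dns, "exponent", e, "modulus bits", n.bit_length())
```

Comparing with same_key() before publishing catches the case where the DNS value was derived from a different key than the one in ipsec.secrets.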
