Andreas Steffen <[EMAIL PROTECTED]> writes:

> X.509 certificates are not supported by showhostkey. If you
> want to use Opportunistic Encryption you can extract the required
> public key from a certificate using the fswcert tool downloadable
> from
> 
>    http://www.strongsec.com/freeswan/old.htm

Uhm. Ok. I've done so. But I'm not clear how to use fswcert.

I ran 
fswcert --k /etc/ipsec.d/private/stark.xeocode.comKey.pem

And substituted that output for the ": RSA..." that was present in
ipsec.secrets.

ipsec.secrets now contains something like:

: RSA {
        Modulus: 0x...
        PublicExponent: 0x...
        PrivateExponent: 0x...
        Prime1: 0x...
        Prime2: 0x...
        Exponent1: 0x...
        Exponent2: 0x...
        Coefficient: 0x...
  }

Now ipsec showhostkey --txt @stark.xeocode.com says:

 ipsec showhostkey: no pubkey line found -- key information old?

Which leaves me a bit stumped. What is a pubkey line? How is it different from
what fswcert outputted?

-- 
greg

_______________________________________________
FreeS/WAN Users mailing list
[EMAIL PROTECTED]
https://mj2.freeswan.org/cgi-bin/mj_wwwusr
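
Added example, not part of the original message and not FreeS/WAN or fswcert code: it derives a "#pubkey=0s..." comment line from the Modulus and PublicExponent fields of a ": RSA { }" block like the one quoted in the post. It assumes that showhostkey looks for the "#pubkey=" comment FreeS/WAN's own key generator writes inside that block, and that the value is the RFC 2537 public key encoding in base64 with the "0s" prefix; the sample block and its toy-sized values are constructed.

```python
import base64
import re

# Constructed sample in the format shown in the post (toy values, not a real key).
SAMPLE_SECRETS = """\
: RSA {
        Modulus: 0x00c5a3b1d7
        PublicExponent: 0x03
        PrivateExponent: 0x0badc0de
  }
"""


def hex_field(text, name):
    """Return the bytes of a 'Name: 0x...' field with leading zero bytes removed."""
    m = re.search(r"^\s*" + re.escape(name) + r":\s*0x([0-9a-fA-F]+)\s*$", text, re.M)
    if m is None:
        raise ValueError("field %s not found" % name)
    digits = m.group(1)
    if len(digits) % 2:          # pad to whole bytes
        digits = "0" + digits
    return bytes.fromhex(digits).lstrip(b"\x00")


def rfc2537_pubkey(exponent, modulus):
    """Encode as RFC 2537: exponent length, exponent, modulus."""
    if not exponent or not modulus:
        raise ValueError("empty exponent or modulus")
    if len(exponent) <= 255:
        prefix = bytes([len(exponent)])            # one-byte length
    elif len(exponent) <= 0xFFFF:
        prefix = b"\x00" + len(exponent).to_bytes(2, "big")  # zero byte + 2-byte length
    else:
        raise ValueError("exponent too long")
    return prefix + exponent + modulus


def pubkey_line(secrets_text):
    """Build the comment line from the public fields only; private fields are never read."""
    blob = rfc2537_pubkey(hex_field(secrets_text, "PublicExponent"),
                          hex_field(secrets_text, "Modulus"))
    return "#pubkey=0s" + base64.b64encode(blob).decode("ascii")


if __name__ == "__main__":
    print(pubkey_line(SAMPLE_SECRETS))
```
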