The latest version of the X.509 patch supports the 'subjectKeyIdentifier' and 'authorityKeyIdentifier' extensions in X.509 certificates. These extensions can be used to uniquely identify multiple versions of a CA certificate (same distinguished name but different public key) and the corresponding CRLs (make sure that you issue version 2 CRLs). This new feature is very useful when updating a CA certificate. The old and new CA cert can be used in parallel, allowing a smooth migration of the user certs from the old CA key to the new one.
Version 1.4.3 for freeswan-2.01 and version 0.9.35 for freeswan-1.99, respectively, can be downloaded from
http://www.strongsec.com/freeswan/
I'd like to remind you that version 1.4.3 allows you to keep your private keys safely on a smartcard or a USB crypto token. Make sure that you install the newest release 0.8.0 of the opensc smartcard library available from http://www.opensc.org.
Kind regards
Andreas
=======================================================================
Andreas Steffen                   e-mail: [EMAIL PROTECTED]
strongSec GmbH                    home:   http://www.strongsec.com
Alter Zürichweg 20                phone:  +41 1 730 80 64
CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
==========================================[strong internet security]===
_______________________________________________
FreeS/WAN Users mailing list
[EMAIL PROTECTED]
https://mj2.freeswan.org/cgi-bin/mj_wwwusr
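The following is an added example, not part of the original message and not code from the X.509 patch. It models how the key identifiers described above tell two CA certificates with the same distinguished name apart, and why a version 1 CRL (which cannot carry the extension) stays ambiguous during a CA key rollover. All names, the DN and the key bytes are constructed, and the key identifier is assumed to be the SHA-1 hash of the public key bits.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional

def key_id(public_key: bytes) -> bytes:
    # RFC 5280 section 4.2.1.2, method 1: SHA-1 over the subjectPublicKey bits.
    return hashlib.sha1(public_key).digest()

@dataclass(frozen=True)
class CaCert:
    subject: str
    public_key: bytes  # constructed stand-in for the real key bits

    @property
    def ski(self) -> bytes:  # subjectKeyIdentifier
        return key_id(self.public_key)

@dataclass(frozen=True)
class Issued:  # a user certificate or a CRL
    name: str
    issuer: str
    aki: Optional[bytes]  # authorityKeyIdentifier; None models a v1 CRL

def find_issuers(obj: Issued, cas: List[CaCert]) -> List[CaCert]:
    by_dn = [ca for ca in cas if ca.subject == obj.issuer]
    if obj.aki is None:
        return by_dn  # DN only: ambiguous while two CA keys coexist
    return [ca for ca in by_dn if ca.ski == obj.aki]

def crls_for(cert: Issued, crls: List[Issued]) -> List[Issued]:
    # A CRL applies when the issuer DN matches and, if both carry
    # an AKI, the key identifiers match as well.
    return [c for c in crls if c.issuer == cert.issuer
            and (c.aki is None or cert.aki is None or c.aki == cert.aki)]

# Constructed sample data: one CA name, two key generations.
DN = "C=CH, O=Example, CN=Example CA"
OLD_CA = CaCert(DN, b"constructed-old-public-key")
NEW_CA = CaCert(DN, b"constructed-new-public-key")
ALICE = Issued("alice", DN, OLD_CA.ski)  # issued under the old key
BOB = Issued("bob", DN, NEW_CA.ski)      # issued under the new key
CRL_OLD = Issued("crl-old-v2", DN, OLD_CA.ski)
CRL_NEW = Issued("crl-new-v2", DN, NEW_CA.ski)
CRL_V1 = Issued("crl-v1", DN, None)      # v1 CRLs cannot carry extensions

if __name__ == "__main__":
    for obj in (ALICE, BOB, CRL_V1):
        n = len(find_issuers(obj, [OLD_CA, NEW_CA]))
        print(obj.name, "->", n, "candidate CA(s)")
```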
