<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page Section1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.Section1
        {page:Section1;}
-->
</style>
</head>
<body lang=EN-CA link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal>I’m working my way through the OpenSwan book (Wouters
&amp; Bantoft) and thought I would throw out some questions that were not
completely answered (or unclear to me) in the book. If list members want
to join in and answer... or add their own feedback for a later revision of the
book:<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>X509: I read this chapter several times, and I think I get
it. But in openssl there are “RSA” commands and “X509”
commands. What’s the difference? If I generate a private
&amp; public key &amp; request in openssl, I use the RSA commands... should I be
using the X509 commands? Are they the same?<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>X509 Self-signed: I didn’t get this. Does this
just mean letting the IPSec gateway become a CA and sign the X509 cert?
Does a CA sign the X509 cert, or sign a request?<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Formats: Is DER the same as PEM just in human-readable
(base64) format?<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Windows CA: I figured out how to generate requests in Linux,
sign them on a Windows CA, and then move the cert back to Linux. This was
tough to figure out. Recognizing that Windowz has the lion’s share
of the server market, it might be a nice add-on to the book to explain how to
use a Windows CA to sign these certs, the formats to use, etc. Most of my
clients use a Windows CA (but they’re starting to accept Linux boxes).<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>I’m only halfway through the book... but these areas
could use some clarification. Overall it’s great – I’ve
gotten pretty far without reaching out for help on the list.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Thanks,<o:p></o:p></p>
<p class=MsoNormal>MD<o:p></o:p></p>
</div>
</body>
</html>