[Openswan Users] using OpenSwan with more than 1 CA

Nate Carlson natecars at natecarlson.com
Tue Jul 27 10:41:04 CEST 2004


On Tue, 27 Jul 2004, SianLun Lau wrote:
> been using openswan so far, and now came a situation where I need to use
> certificates from another CA. usually we have all the certificates from
> the same CA, but now a new connection would be needed with the other
> side that uses certificates from its CA.
>
> would there be a problem having the new guy connect to the current
> openswan gateway, and also what is necessary to be noted during
> implementation?

Shouldn't be any problem. If that's the only connection from that CA, you
can just put a copy of his certificate on the gateway and specify it as
'rightcert' or whatnot, and it'll allow that cert to connect (basically,
ignore the CA, just use this cert). Otherwise, you can set up the
additional CA as usual - just be sure to have 'rightca=<whatever>'
specified for each connection.

------------------------------------------------------------------------
| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
|       depriving some poor village of its idiot since 1981            |
------------------------------------------------------------------------
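
The two approaches from the reply above, sketched as an ipsec.conf fragment. This is an added example, not part of the original post; the connection names, certificate file names, address and DNs are constructed placeholders, and the directory paths assume the usual /etc/ipsec.d layout.

```conf
# ipsec.conf fragment (constructed example; every name, address and DN
# below is a placeholder, not taken from the original thread)

# Option 1: pin the one peer certificate issued by the other CA.
# Assumes a copy of the peer's certificate was saved as
# /etc/ipsec.d/certs/partner-peer.pem (hypothetical file name).
conn partner-pinned
    left=%defaultroute
    leftcert=gateway.pem           # this gateway's own certificate (hypothetical)
    right=192.0.2.10               # documentation address standing in for the peer
    rightcert=partner-peer.pem     # only this exact certificate is accepted
    auto=add

# Option 2: install the additional CA and tie each connection to its CA.
# Assumes both CA certificates are present in /etc/ipsec.d/cacerts/.
conn existing-peers
    left=%defaultroute
    leftcert=gateway.pem
    right=%any
    rightrsasigkey=%cert           # take the peer's public key from its certificate
    rightca="C=XX, O=Example Corp, CN=Example Corp CA"
    auto=add

conn partner-peers
    left=%defaultroute
    leftcert=gateway.pem
    right=%any
    rightrsasigkey=%cert
    rightca="C=XX, O=Partner Org, CN=Partner Org CA"
    auto=add
```

With both CAs trusted on the gateway, the per-connection 'rightca' line is what keeps a certificate issued by one CA from matching a connection meant for peers of the other.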
