[Openswan Users] Re:

Xiaoming Yu xiaoming at us.ibm.com
Mon Jun 21 17:42:14 CEST 2004


I just talked to our certificate guy. We should be able to use the
certificate issued by us and exported to any platform. I never did that but
will find out. Still wonder about the PSK issue. Thank you all for the
help.

Xiaoming Yu
Dept. MR6,  VPN Development
IBM Rochester, MN
Phone: (507)253-5829
Email: xiaoming at us.ibm.com





                                                                           
             Nate Carlson                                                  
             <natecars at natecar                                             
             lson.com>                                                  To 
                                       Xiaoming Yu/Rochester/IBM at IBMUS     
             06/21/2004 01:28                                           cc 
             PM                        users at lists.openswan.org            
                                                                   Subject 
                                       Re: [Openswan Users] Re:            
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           




On Mon, 21 Jun 2004, Xiaoming Yu wrote:
> We (IBM iSeries) certainly support x.509, but does it mean we have to
> get a real one in order to test with Linux? We can issue certificate for
> our own platform and can be loaded on Windows, but not sure about Linux.
> And the RSA key created on Linux cannot be imported to other platform
> easily, right? So back to my original question, do I have to get a real
> certificate from trusted CA in order just to test? Thanks,

Oh, no, you can certainly generate your own X.509 certificates, using
standard CA software (I use OpenSSL's 'CA' script). Certs created on Linux
can go just about anywhere, in my experience - I certainly have no
problems exporting them as p12 files for Windows or anything.

I've got information on how to create a CA and such, at:

http://www.natecarlson.com/linux/ipsec-x509.php#casetup

------------------------------------------------------------------------
| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
|       depriving some poor village of its idiot since 1981            |
------------------------------------------------------------------------





More information about the Users mailing list