[Openswan Users] x509 certificate question

James Harper JamesH at bendigoit.com.au
Sat Mar 20 23:29:48 CET 2004


I've read and googled and read some more and can't find a clear answer
to this question. If anyone can tell me the answer or where to find it I
would be very grateful!

I'm investigating using X.509 instead of PSK, which I currently use, and
finally have it working, but I had to specify leftcert and rightcert on
at least the non-initiating end or it claimed not to be able to find a
matching certificate. I was under the impression that public keys were
exchanged at setup time and validated against a CA, but then I have also
read that you should have a local copy of all public keys that might be
involved, and now I find I have to specify the .pem certificate file
explicitly. I think I'm doing something wrong.

Looking at the logs, the only certs it loads are the ones I specify in
the config. Is that right? I expected it to pre-load all the ones in the
certs directory so that it could match them up to the asn id's I
specified.

Either I'm making a common error and someone will say 'oh yeah I know
what that is, do this', or I'll have to post more information about my
setup... hopefully it's the former.

TIA

James

