[Openswan Users] IPSec and Certificates

t.henneberger at hcs-computer.de t.henneberger at hcs-computer.de
Tue Feb 1 14:27:01 CET 2005

Hello there

I am currently trying to establish a connection using x.509 Certificates, and I 
seem to do something wrong.

I think I may have missunderstood the basic principles. Please read on
to see if I got it right ;)

Lets say we have a VPN-server (listening for incoming connections) and a
client (innitiating the connection).

In order to use x.509 to authenticate and encrypt the connection, both
sides need to have a Certificate from a CA both know, right?

Now comes the part I am unsure about:
Do both ends have to use the same Cerftificate, or is it enough when
both sides have a Certificate which is signed by the above CA?

I read tons of HowTos and Documents, but I just could not find
a simple discreption of the Authentication-Process. I don't even know
who transfers his Public-Key first, the Client or the Server. A good link
describing this process would be very very helpful. 

Thank you for your time.

T. Henneberger
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20050201/0c234c32/attachment.htm

More information about the Users mailing list