[Openswan Users] IPSec and Certificates

Michael Schwartzkopff misch at multinet.de
Tue Feb 1 15:34:00 CET 2005

On Tuesday, 1 February 2005 15:27, t.henneberger at hcs-computer.de wrote:
> Hello there
> I am currently trying to establish a connection using x.509 Certificates,
> and I seem to do something wrong.
> I think I may have misunderstood the basic principles. Please read on
> to see if I got it right ;)
> Let's say we have a VPN-server (listening for incoming connections) and a
> client (initiating the connection).
> In order to use x.509 to authenticate and encrypt the connection, both
> sides need to have a Certificate from a CA both know, right?
> Now comes the part I am unsure about:
> Do both ends have to use the same Certificate, or is it enough when
> both sides have a Certificate which is signed by the above CA?

You need one certificate for the server and one for the client. Both have to
be signed by the same CA.

> I read tons of HowTos and Documents, but I just could not find
> a simple description of the Authentication-Process. I don't even know
> who transfers his Public-Key first, the Client or the Server. A good link
> describing this process would be very very helpful.

RFC 2408, freeswan documentation, checkpoint documentation.

-- 
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Bretonischer Ring 7
85630 Grasbrunn

Tel: (+49 89) 456 911 - 0
Fax: (+49 89) 456 911 - 21
mob: (+49 174) 343 28 75

PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
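
Added example, not part of the original post: a shell sketch of the trust model described in the reply, using the openssl command line. Each peer gets its own key and certificate from the shared CA, and a certificate issued by a different CA fails the same check. All names (example-vpn-ca, other-ca, vpn-server, vpn-client, stranger) are constructed for illustration.

```shell
# Requires the openssl CLI. Everything is created in a temporary directory.

# make_ca DIR NAME: create a self-signed CA key and certificate named NAME.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_cert DIR CA NAME: generate a separate key pair for NAME and
# have CA sign the resulting certificate request.
issue_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
    -CAcreateserial -days 30 -out "$1/$3.crt" 2>/dev/null
}

# trusted_by DIR CA NAME: succeed only if NAME's certificate chains to CA.
# The output is matched instead of the exit status because old openssl
# releases returned 0 from "verify" even when verification failed.
trusted_by() {
  openssl verify -CAfile "$1/$2.crt" "$1/$3.crt" 2>/dev/null | grep -q ': OK$'
}

# demo: both VPN peers hold different certificates from the shared CA and
# are accepted; a peer whose certificate comes from another CA is rejected.
demo() {
  d=$(mktemp -d) || return 1
  make_ca "$d" example-vpn-ca || return 1
  make_ca "$d" other-ca || return 1
  issue_cert "$d" example-vpn-ca vpn-server
  issue_cert "$d" example-vpn-ca vpn-client
  issue_cert "$d" other-ca stranger
  for peer in vpn-server vpn-client stranger; do
    if trusted_by "$d" example-vpn-ca "$peer"; then
      echo "$peer: accepted"
    else
      echo "$peer: rejected"
    fi
  done
  rm -rf "$d"
}

demo
```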
