[Openswan Users] IPSec and Certificates
misch at multinet.de
Tue Feb 1 15:34:00 CET 2005
On Tuesday, 1 February 2005 15:27, t.henneberger at hcs-computer.de wrote:
> Hello there
> I am currently trying to establish a connection using x.509 Certificates,
> and I seem to do something wrong.
> I think I may have misunderstood the basic principles. Please read on
> to see if I got it right ;)
> Let's say we have a VPN-server (listening for incoming connections) and a
> client (initiating the connection).
> In order to use x.509 to authenticate and encrypt the connection, both
> sides need to have a Certificate from a CA both know, right?
> Now comes the part I am unsure about:
> Do both ends have to use the same Certificate, or is it enough when
> both sides have a Certificate which is signed by the above CA?
You need one certificate for the server and one for the client. Both have to
be signed by the same CA.
> I read tons of HowTos and Documents, but I just could not find
> a simple description of the Authentication-Process. I don't even know
> who transfers his Public-Key first, the Client or the Server. A good link
> describing this process would be very very helpful.
RFC 2408, freeswan documentation, checkpoint documentation.
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Bretonischer Ring 7
Tel: (+49 89) 456 911 - 0
Fax: (+49 89) 456 911 - 21
mob: (+49 174) 343 28 75
PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
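
The trust model described in the reply, as an added example that is not part of the original post: the server and the client each get their own key pair and certificate, both signed by one CA, and a certificate issued by a different CA is rejected. It uses the `openssl` command line rather than Openswan itself, and every name in it (Example-VPN-CA, Other-CA, vpn-server, vpn-client, stranger) is constructed.

```shell
#!/bin/sh
# Added example. All names (Example-VPN-CA, Other-CA, vpn-server, vpn-client,
# stranger) are constructed; keys and certificates live in a temp directory.
set -e

# make_ca DIR NAME: create a self-signed CA key and certificate in DIR.
make_ca() {
    mkdir -p "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_cert CA_DIR NAME: give NAME its own key pair and a certificate
# signed by the CA in CA_DIR. Only the certificate is ever shown to the peer.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$1/$2.crt" 2>/dev/null
}

# chains_to CA_CERT CERT: succeed only if CERT verifies against CA_CERT.
chains_to() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# demo: two peers under the shared CA, one outsider under another CA;
# each certificate is checked against the shared CA only.
demo() {
    work=$(mktemp -d)
    make_ca "$work/vpn" "Example-VPN-CA"
    make_ca "$work/other" "Other-CA"
    issue_cert "$work/vpn" vpn-server
    issue_cert "$work/vpn" vpn-client
    issue_cert "$work/other" stranger
    out=""
    for crt in "$work/vpn/vpn-server.crt" "$work/vpn/vpn-client.crt" \
               "$work/other/stranger.crt"; do
        if chains_to "$work/vpn/ca.crt" "$crt"; then r=accepted; else r=rejected; fi
        out="$out$(basename "$crt" .crt)=$r "
    done
    rm -rf "$work"
    echo "${out% }"
}

demo
```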