[Openswan Users] IPSec and Certificates

Michael Schwartzkopff misch at multinet.de
Tue Feb 1 15:34:00 CET 2005


On Tuesday, 1 February 2005 15:27, t.henneberger at hcs-computer.de wrote:
> Hello there
>
> I am currently trying to establish a connection using x.509 Certificates,
> and I seem to do something wrong.
>
> I think I may have misunderstood the basic principles. Please read on
> to see if I got it right ;)
>
> Let's say we have a VPN-server (listening for incoming connections) and a
> client (initiating the connection).
>
> In order to use x.509 to authenticate and encrypt the connection, both
> sides need to have a Certificate from a CA both know, right?
>
> Now comes the part I am unsure about:
> Do both ends have to use the same Certificate, or is it enough when
> both sides have a Certificate which is signed by the above CA?

You need one certificate for the server and one for the client. Both have to
be signed by the same CA.

> I read tons of HowTos and Documents, but I just could not find
> a simple description of the Authentication-Process. I don't even know
> who transfers his Public-Key first, the Client or the Server. A good link
> describing this process would be very very helpful.

RFC 2408, FreeS/WAN documentation, Check Point documentation.

-- 
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Bretonischer Ring 7
85630 Grasbrunn

Tel: (+49 89) 456 911 - 0
Fax: (+49 89) 456 911 - 21
mob: (+49 174) 343 28 75

PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
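
The trust model from the reply above, as an added example that is not part of the original thread: each peer gets its own key pair and certificate, and a peer is accepted only if its certificate chains to the shared CA. It uses the OpenSSL command line rather than Openswan itself; the names vpn-ca, other-ca, vpn-server, vpn-client and stranger are constructed for the illustration.

```shell
#!/bin/sh
# Added example. Names vpn-ca, other-ca, vpn-server, vpn-client, stranger are constructed.

# Minimal request config, so the result does not depend on the system openssl.cnf.
write_cnf() {
    printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = ca_ext' \
        '[dn]' '[ca_ext]' 'basicConstraints = critical,CA:TRUE' > "$1/req.cnf"
}

# make_ca DIR NAME: self-signed CA certificate DIR/NAME.pem with key DIR/NAME.key
make_ca() {
    openssl req -x509 -config "$1/req.cnf" -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# issue DIR CA NAME: fresh key pair for NAME plus a certificate signed by CA
issue() {
    openssl req -new -config "$1/req.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=$3" -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 30 -out "$1/$3.pem" 2>/dev/null
}

# trusts DIR CA NAME: exit status 0 only if NAME's certificate chains to CA
trusts() {
    openssl verify -CAfile "$1/$2.pem" "$1/$3.pem" >/dev/null 2>&1
}

# pubkey DIR NAME: the public key bound to NAME by its certificate
pubkey() {
    openssl x509 -in "$1/$2.pem" -noout -pubkey
}

# demo: what a gateway that trusts only vpn-ca decides about each peer
demo() {
    d=$(mktemp -d) && write_cnf "$d" || return 1
    make_ca "$d" vpn-ca && make_ca "$d" other-ca || return 1
    issue "$d" vpn-ca vpn-server && issue "$d" vpn-ca vpn-client &&
        issue "$d" other-ca stranger || return 1
    for peer in vpn-server vpn-client stranger; do
        if trusts "$d" vpn-ca "$peer"; then echo "$peer: accepted"
        else echo "$peer: rejected"; fi
    done
    [ "$(pubkey "$d" vpn-server)" != "$(pubkey "$d" vpn-client)" ] &&
        echo "server and client hold different keys"
    rm -rf "$d"
}

demo
```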


