[Openswan Users] A working example of use of X.509 certificates, Linux -- Windows XP

Paul Wouters paul at xelerance.com
Thu Jun 16 00:15:44 CEST 2005

On Wed, 15 Jun 2005, Miguel Dilaj wrote:

> NOTE: certificates/CA created TODAY are rejected by Windows. If you create
> your certificate/CA today, use it tomorrow, otherwise change the time of the
> machine in which you're using openssl to generate the certificates/CA with
> yesterday's date. Annoying, isn't it?

That is usually either the result of not using NTP on windows, or because
of dual boot windows/linux messing with the clock, or having the two computers
in a different timezone.

> I'm not sure if the line
> 	interfaces="ipsec0=eth0"
> is required, but it works...

No. in fact when using netkey on linux 2.6, it is best left at "%defaultroute"

Thanks for your report, we seldon hear from people who manage to get things
working :)


More information about the Users mailing list