[Openswan Users] how to check all CA certificates in /cacerts ?
david
ngc1976.m42 at caramail.com
Mon May 9 10:35:52 CEST 2005
Hi all,
I have 2 hosts:
---------------hostA ipsec.conf--------------
config setup
    klipsdebug=none
    plutodebug=all
conn %default
    keyingtries=0
    authby=rsasig
conn testvpnda
    left=195.212.109.202
    leftcert=user01des.crt
    right=%any
    rightid="C=fr,ST=ile-de-france,L=paris,O=toto,CN=user02des,E=user02des at caramail.com"
    auto=add
----------------end--------------------
---------------hostB--------------------
config setup
    klipsdebug=none
    plutodebug=all
conn %default
    keyingtries=0
    authby=rsasig
conn testvpnda
    left=195.212.109.203
    leftcert=user02des.crt
    right=195.212.109.202
    rightid="C=fr,ST=ile-de-france,L=paris,O=toto,CN=user01des,E=user01des at caramail.com"
    auto=add
-------------------------end--------------
THIS CONFIGURATION WORKS.
Now, I want hostA to accept all certificates signed by the CA certificates present in openswan/cacerts without using the certificate's Distinguished Name or subjectAltNames.
I tried this:
---------------hostA ipsec.conf--------------
config setup
    klipsdebug=none
    plutodebug=all
conn %default
    keyingtries=0
    authby=rsasig
conn testvpnda
    left=195.212.109.202
    leftcert=user01des.crt
    right=%any
    auto=add
----------------end--------------------
But it does not work! When I run ipsec auto --status, I see that hostA is unaware of my testvpnda connection...
What is wrong in my hostA ipsec.conf? What do I have to do?
Thanks!
david