[Openswan Users] how to check all CA certificates in /cacerts ?

david ngc1976.m42 at caramail.com
Mon May 9 10:35:54 CEST 2005


Hi all,

I have 2 hosts:

---------------hostA ipsec.conf--------------
config setup
    klipsdebug=none
    plutodebug=all

conn %default
    keyingtries=0
    authby=rsasig

conn testvpnda
    left=195.212.109.202
    leftcert=user01des.crt
    right=%any
    rightid="C=fr,ST=ile-de-france,L=paris,O=toto,CN=user02des,E=user02des at caramail.com"
    auto=add
----------------end--------------------

---------------hostB--------------------
config setup
    klipsdebug=none
    plutodebug=all

conn %default
    keyingtries=0
    authby=rsasig

conn testvpnda
    left=195.212.109.203
    leftcert=user02des.crt
    right=195.212.109.202
    rightid="C=fr,ST=ile-de-france,L=paris,O=toto,CN=user01des,E=user01des at caramail.com"
    auto=add
-------------------------end--------------

THIS CONFIGURATION WORKS.

Now, I want hostA to accept all certificates signed by the CA certificates
present in openswan/cacerts without using the certificate's Distinguished
Name or subjectAltNames. I tried this:

---------------hostA ipsec.conf--------------
config setup
    klipsdebug=none
    plutodebug=all

conn %default
    keyingtries=0
    authby=rsasig

conn testvpnda
    left=195.212.109.202
    leftcert=user01des.crt
    right=%any
    auto=add
----------------end--------------------

But it does not work! When I run ipsec auto --status, I see that hostA
is unaware of my testvpnda connection...

What is wrong in my hostA ipsec conf? What do I have to do?

Thanks!
david



