[Openswan Users] multiple root CA
Paul Wouters
paul at xelerance.com
Mon Oct 3 20:15:59 CEST 2005
On Mon, 3 Oct 2005, Laurent Jouannic wrote:
> Well, I'm still using freeswan with x509 path and I send my question to this forum, because freeswan one is obsolete.
>
> My problem is the following:
>
> My root CA will be soon obsolete and I want to know if it's possible to use multiple (in fact 2) root CA in /etc/ipsec.d/cacerts/, during a certain time (needed for the transition).
Yes, just place the both in the cacerts/ directory.
> If yes, I should have 2 crl.pem in /etc/ipsec.d/clrs/. 1 crl per cacert.
> How (freeswan/open)swan would link a clr to a cacert?
Yes, place them both in the crls/ directory.
Paul
More information about the Users
mailing list