[Openswan Users] multiple root CA
Paul Wouters
paul at xelerance.com
Tue Oct 4 21:23:38 CEST 2005
On Tue, 4 Oct 2005, Jorge Daniel Sequeira Matias wrote:
> certifies your users certificates, it doesn't work. I have tested this setup
> too because my VPN Server certificate is signed by a SubCA. This SubCA is
> going to expire. I had to create a new SubCA of the same RootCA.
> In this case, as the users and VPN Server certificates are all "suns" of the
> RootCA, Openswan doesn't know how select the right VPN Server certificate to
> send to the user.
You can explicitely set a CA with rightca=/leftca=
> Anyone knows if is possible to install 2 openswans in the same machine each
> one listening on different IP address? This could solve my problem.
No you cannot, since the kernel wouldn't know to which IKE daemon it should talk.
Paul
More information about the Users
mailing list