[Openswan Users] multiple root CA
Laurent Jouannic
laurent.jouannic at cbsa.fr
Fri Oct 14 14:08:15 CEST 2005
Hi,
Thanks, it works fine with openssl-0.9.7h,
but I had a lot of trouble with openssl-0.9.8a:
* The generation of the root CA is different: you need to change openssl.cnf to get the x509 v3 field: CA:True.
* My "ipsec barf" is good, all certificates were valid, but I get: "invalid id information". And I noticed the x509 v3 fields DirName and serial were not there.
Do you know what's happening?
Laurent.
----- Original Message -----
From: Paul Wouters
To: Jorge Daniel Sequeira Matias
Cc: users at openswan.org
Sent: Tuesday, October 04, 2005 8:23 PM
Subject: Re: [Openswan Users] multiple root CA
On Tue, 4 Oct 2005, Jorge Daniel Sequeira Matias wrote:
> certifies your users certificates, it doesn't work. I have tested this setup
> too because my VPN Server certificate is signed by a SubCA. This SubCA is
> going to expire. I had to create a new SubCA of the same RootCA.
> In this case, as the users and VPN Server certificates are all "sons" of the
> RootCA, Openswan doesn't know how to select the right VPN Server certificate to
> send to the user.
You can explicitly set a CA with rightca=/leftca=
> Does anyone know if it is possible to install 2 openswans in the same machine each
> one listening on different IP address? This could solve my problem.
No you cannot, since the kernel wouldn't know to which IKE daemon it should talk.
Paul
_______________________________________________
Users mailing list
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users
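
An added example, not part of the original thread or of any poster's configuration: an openssl.cnf fragment showing where the X.509 v3 fields mentioned above (CA:TRUE, and the DirName and serial inside the Authority Key Identifier) are controlled. The section names follow the stock openssl.cnf layout; whether your own file uses the same names is an assumption to check.

```ini
# openssl.cnf (fragment): added example, adapt section names to your own file

[ req ]
# Extensions applied when "openssl req -x509" creates the self-signed root CA.
x509_extensions = v3_ca

[ CA_default ]
# Extensions applied when "openssl ca" signs a server or user certificate.
x509_extensions = usr_cert

[ v3_ca ]
# Marks the certificate as a CA (shows up as "CA:TRUE" in the text dump).
basicConstraints       = critical,CA:true
keyUsage               = critical,keyCertSign,cRLSign
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always,issuer:always

[ usr_cert ]
# End-entity certificates (VPN server, users) must not be CAs.
basicConstraints       = CA:FALSE
subjectKeyIdentifier   = hash
# "issuer:always" always writes the issuer DirName and serial into the
# Authority Key Identifier. Plain "issuer" writes them only when the
# keyid option cannot be satisfied, so they are usually absent.
authorityKeyIdentifier = keyid,issuer:always
```

To confirm what a certificate actually contains, inspect it with `openssl x509 -in cert.pem -noout -text` (`cert.pem` is a placeholder) and look at the "X509v3 Basic Constraints" and "X509v3 Authority Key Identifier" entries.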