[Openswan Users] Linux to Linux ipsec/l2tp server

Paul Wouters paul at xelerance.com
Mon Feb 13 21:37:53 CET 2006


On Mon, 13 Feb 2006, Brett Curtis wrote:

> Ok I think that howto is incorrect. It explains how to create host certs by
> using CA.sh -newreq and then sign it using CA.sh -sign which leaves you will
> two files newcert.pem & newreq.pem and the newreq.pem is the one used in
> ipsec.secrets. However ipsec fails to read that file..

newreq.pem is not used. It is only used when you send a CSR to some other
CA. Though I avoid using CA.sh/CA.pl myself, since those are often customized
per distribution. I use the openssl ca command instead. I think the README.X509
also uses openssl commands instead of CA.sh.

Paul


More information about the Users mailing list