[Openswan Users] [Openswan dev] X.509 in openswan

[Christian Brechbühler]

On 11/16/06, Christian Brechbühler <brechbuehler at gmail.com> wrote:
>
> keep the certificate on a separate host, if you can.


For clarity: I meant "keep the certificate authority (CA) on a separate
host".
Guard it well.  Here's where you create and sign the various peer's
certificates.  Make sure you distribute the certificates to their owners in
a secure way, e.g., floppy, CD-ROM; ssh/scp/sftp is probably OK too.

Christian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20061116/98c0de48/attachment.html