[Openswan Users] [Openswan dev] X.509 in openswan

Christian Brechbühler brechbuehler at gmail.com
Thu Nov 16 14:00:13 EST 2006

On 11/16/06, Christian Brechbühler <brechbuehler at gmail.com> wrote:
> keep the certificate on a separate host, if you can.

For clarity: I meant "keep the certificate authority (CA) on a separate
Guard it well.  Here's where you create and sign the various peer's
certificates.  Make sure you distribute the certificates to their owners in
a secure way, e.g., floppy, CD-ROM; ssh/scp/sftp is probably OK too.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20061116/98c0de48/attachment.html 

More information about the Users mailing list