[Openswan Users] ####: [Openswan dev] X.509

Peter lli at tecomtech.com
Thu Nov 16 20:00:08 EST 2006

Dear Paul,
Thanks for your reply.
I solved this problem. The error is misconfiguration of ipsec.conf:
In host, the /etc/ipsec.d/private directory should have the A.pem,
but I place B.pem in it. So it cannot locate RSA signature. FT!
Thank you and Paul Wouters.


发件人: Christian Brechbühler [mailto:brechbuehler at gmail.com] 
发送时间: 2006年11月17日 3:00
收件人: AntZ
抄送: Paul Wouters; users at openswan.org
主题: Re: [Openswan Users] [Openswan dev] X.509 in openswan

On 11/16/06, Christian Brechbühler <brechbuehler at gmail.com> wrote: 

keep the certificate on a separate host, if you can.

For clarity: I meant "keep the certificate authority (CA) on a separate
Guard it well.  Here's where you create and sign the various peer's
certificates.  Make sure you distribute the certificates to their owners in
a secure way, e.g., floppy, CD-ROM; ssh/scp/sftp is probably OK too.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20061117/f4b94f84/attachment-0001.html 

More information about the Users mailing list