[Openswan Users] Some questions about x.509 certificate authenticate

Jacco de Leeuw jacco2 at dds.nl
Wed Apr 11 09:45:27 EDT 2007


> 2. I use openswan in an embedded system. There are many clients with x.509
> certificates. So, openswan must store lots of certificates. But, there is
> not enough space in this embedded environment. Is there any good
> suggestion?
> 3. For question 2, I want the openswan to store its own certificate only
> and get its counterparts' public keys through IKE phase 1 negotiation.
> Therefore, it will save a lot storage space. Does this method work?

You are not required to use locally stored certificates. You can also
use CA certificates to authenticate peers. This would save storage
space but then you may have to take revoked certificates into
account, e.g. by using a CRL or an OCSP server. See also:

http://www.strongswan.org/docs/readme2.htm#section_4.3

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
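
The CA-based setup described in the reply above, as an added ipsec.conf sketch that is not part of the original post. The connection name and certificate file name are hypothetical; it assumes the CA certificate is in /etc/ipsec.d/cacerts/, its CRL in /etc/ipsec.d/crls/, and the gateway's private key is referenced from /etc/ipsec.secrets.

```conf
# /etc/ipsec.conf (fragment)
version 2.0

config setup
    # Reject a peer certificate when no valid CRL from its issuer is available.
    strictcrlpolicy=yes
    # Check loaded CRLs for expiry at this interval (seconds).
    crlcheckinterval=600

conn roadwarriors
    authby=rsasig
    left=%defaultroute
    # Hypothetical file name; the gateway's own certificate is the only
    # end-entity certificate kept on the device (/etc/ipsec.d/certs/).
    leftcert=gatewayCert.pem
    leftrsasigkey=%cert
    right=%any
    # Take each peer's public key from the certificate it sends during IKE
    # instead of from a locally stored copy.
    rightrsasigkey=%cert
    # Accept only peer certificates issued by the CA that issued leftcert.
    rightca=%same
    auto=add
```

With this layout the device stores one CA certificate, one CRL and its own key pair regardless of how many clients connect; revoking a client means publishing an updated CRL rather than deleting a file on the gateway.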