[Openswan Users] OpenSwan book - clarifications / questions

OCG Technical Support support at ocg.ca
Tue Oct 14 15:58:05 EDT 2008

I'm working my way through the OpenSwan book (Wouters & Bantoft) and thought
I would throw out some questions that were not completely answered (or
unclear to me) in the book.  If list members want to join in and
answer... or add their own feedback for a later revision of the book:


X509: I read this chapter several times, and I think I get it.  But in
openssl there are "RSA" commands and "X509" commands.  What's the
difference?  If I generate a private & public key & request in openssl, I
use the RSA commands... should I be using the X509 commands?  Are they the


X509 Self-signed: I didn't get this.  Does this just mean letting the IPSec
gateway become a CA and sign the X509 cert?  Does a CA sign the X509 cert,
or sign a request?


Formats: Is DER the same as PEM just in human-readable (base 64) format?


Windows CA: I figured out how to generate requests in Linux, sign them on a
Windows CA, and then move the cert back to Linux.  This was tough to figure
out.  Recognizing that Windowz has the lion's share of the server market, it
might be a nice add-on to the book to explain how to use a Windows CA to
sign these certs, the formats to use, etc.  Most of my clients use a Windows
CA (but they're starting to accept Linux boxes).


I'm only halfway through the book... but these areas could use some
clarification.  Overall it's great - I've gotten pretty far without reaching
out for help on the list.
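
An added illustration, not part of the original post and not taken from the book: it builds the objects the questions above refer to (a bare RSA key, a self-signed certificate, a request, a CA-issued certificate, and the PEM and DER encodings) with the openssl command line and checks how they relate. The subject names, file names and helper function names are constructed for the demo, and an openssl installation with its default configuration file is assumed.

```shell
#!/bin/sh
# Added illustration; subject names and file names are constructed for the demo.
set -eu
d=$(mktemp -d)

# RSA-level commands handle bare key material only: no names, no signatures.
openssl genrsa -out "$d/ca.key" 2048 2>/dev/null
openssl genrsa -out "$d/gw.key" 2048 2>/dev/null

# Self-signed certificate: the key signs a certificate naming itself as issuer.
openssl req -new -x509 -key "$d/ca.key" -subj "/CN=Demo CA" -days 30 \
    -out "$d/ca.pem"

# The gateway creates a request (CSR); the CA reads the request and issues a
# certificate. What comes back is the certificate, not a signed request.
openssl req -new -key "$d/gw.key" -subj "/CN=gw.example.test" -out "$d/gw.csr"
openssl x509 -req -in "$d/gw.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 30 -out "$d/gw.pem" 2>/dev/null

# True when the certificate's public key is the one derived from the RSA key.
cert_matches_key() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
      "$(openssl rsa -in "$2" -pubout 2>/dev/null)" ]
}

# True when subject == issuer and the signature verifies under its own key.
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ] &&
        openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# True when certificate $2 chains to CA certificate $1.
issued_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# True when the PEM body, base64-decoded, is byte-identical to the DER form.
pem_is_base64_of_der() {
    openssl x509 -in "$1" -outform DER -out "$1.der"
    grep -v '^-----' "$1" | openssl base64 -d | cmp -s - "$1.der"
}

cert_matches_key "$d/gw.pem" "$d/gw.key" && echo "gw cert carries gw public key"
is_self_signed "$d/ca.pem" && echo "ca.pem is self-signed"
is_self_signed "$d/gw.pem" || echo "gw.pem is not self-signed"
issued_by "$d/ca.pem" "$d/gw.pem" && echo "gw.pem was issued by Demo CA"
pem_is_base64_of_der "$d/gw.pem" && echo "PEM is base64-armoured DER"
```

The private keys never leave the machine that generated them; only the request goes to the CA and only the certificate comes back, which is the same flow whether the CA is openssl or a Windows CA.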




