[Openswan Users] README.nss

Willie Gillespie wgillespie+openswan at es2eng.com
Mon Jan 24 09:06:15 EST 2011

On 01/23/2011 04:50 PM, Michael H. Warfield wrote:
> Philosophical thoughts on README.nss, though.  As a cryptographer, I am
> morally offended by some of the things in there.  It says to export the
> CA keypair to a pkcs12 .p12 file and import them onto other machines.
> Private keys should only exist on the machines to which they belong.
> That's fundamental.  I can not possibly overstress that concept.  Using
> pkcs12 requires including the private key (someone please correct me if
> I'm wrong on this with pointers to the correct openssl syntax to do it).

I haven't tried it, but is it possible with the -nokeys option of pkcs12?
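
An added example, not part of either message above: a shell check that builds a PKCS#12 file with `openssl pkcs12 -export -nokeys` and then dumps it to confirm it holds the certificate and no private key. The throwaway test CA, the file names and the password `changeit` are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: a throwaway CA in a temp directory; names and password are placeholders.

# make_cert_only_p12 <dir>: create a test CA, then bundle ONLY its certificate.
make_cert_only_p12() {
    dir=$1
    # Self-signed test CA. The private key stays in $dir/ca.key.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # -export with -nokeys: no -inkey is given and no key is written to the bundle.
    openssl pkcs12 -export -nokeys -in "$dir/ca.crt" \
        -passout pass:changeit -out "$dir/ca-certonly.p12"
}

# count_pem_blocks <p12> <password> <regex>: dump the bundle unencrypted and
# count the PEM headers matching <regex>.
count_pem_blocks() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nodes 2>/dev/null \
        | grep -c -- "$3" || true   # grep exits 1 on zero matches; still prints 0
}

count_private_keys() { count_pem_blocks "$1" "$2" 'BEGIN .*PRIVATE KEY'; }
count_certs()        { count_pem_blocks "$1" "$2" 'BEGIN CERTIFICATE'; }

# Stand-alone run: report what the cert-only bundle contains.
work=$(mktemp -d)
if make_cert_only_p12 "$work"; then
    echo "certificates: $(count_certs "$work/ca-certonly.p12" changeit)"
    echo "private keys: $(count_private_keys "$work/ca-certonly.p12" changeit)"
fi
rm -rf "$work"
```

Whether the NSS import step in README.nss accepts a key-less bundle is not tested here.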
