From: Andreas Steffen (andreas.steffen_at_strongsec.net)
Date: Tue Oct 29 2002 - 13:43:00 CET
martin f krafft wrote:
> also sprach Andreas Steffen <andreas.steffen_at_strongsec.net> [2002.10.29.0929 +0100]:
>
>>This applies only if you load the certificate locally by
>>using
>>
>> [right|left]cert=
>>
>>In this case the distinguished subject name of the certificate is
>>automatically assigned to [right|left]id. This can be overrun
>>by a [right|left]id defining one of the subjectAltNames contained
>>in the certificate as the ID.
>
>
> Okay, this now almost makes sense to me. Let me look again at my
> configuration on the left side (it's almost symmetric anyway):
>
> conn gate-albatros
> [...]
> rightrsasigkey=%cert
> right=80.218.20.44
> [...]
> leftrsasigkey=%cert
> leftcert=private/fishbowl.dyn.madduck.net.pem
> left=217.162.173.58
> [...]
>
> I need to tell the left side that it is to expect a specific
> certificate from the right side, because right is not set to '%any':
>
> rightid: "DN=..."
>
> If this is right, then this is making sense now.
You've got it right :)
Andreas
>
> Thanks!
======================================================================
Andreas Steffen e-mail: andreas.steffen_at_strongsec.com
strongSec GmbH phone: +41 76 340 25 56
Alter Zürichweg 20 home: http://www.strongsec.com
CH-8952 Schlieren (Switzerland)
==========================================[strong internet security]==
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.5 : Wed Oct 30 2002 - 05:20:34 CET