From: Andreas Steffen (andreas.steffen_at_strongsec.net)
Date: Wed Oct 30 2002 - 10:31:13 CET
You take the private key file myKey.pem and store it in the directory
/etc/ipsec.d/private. The private key is loaded via ipsec.secrets with
the statement
: RSA myKey.pem "<optional 3DES password>"
The public X.509 certificate myCert.pem is stored by default in
/etc/ipsec.d (in version 1.0 of the X.509 patch this has changed to
/etc/ipsec.d/certs) or you can give any relative or absolute path.
The certificate is loaded via ipsec.conf with the statement
leftcert=myCert.pem
After Pluto has started up, the command
ipsec auto --listcerts
should list some important parameters of myCert.pem and if myKey.pem
has been loaded successfully, the comment "..., has private key"
should be present.
Regards
Andreas
martin f krafft wrote:
> also sprach Andreas Steffen <andreas.steffen_at_strongsec.net> [2002.10.30.1000 +0100]:
>
>>I remember that you have both the certificate and the password-protected
>>private key in a single file. Could you separate them into two files?
>
>
> Well, I already did, but I don't know how to tell FreeS/WAN of both of
> them. Right now I have
>
> rightcert=.../file.pem
>
> which contains the key only. This, therefore, must be wrong.
>
>
>>Is the certificate actually loaded? You can verify this by typing
>>
>> ipsec auto --listcerts
>
>
> As you suspected: no.
======================================================================
Andreas Steffen e-mail: andreas.steffen_at_strongsec.com
strongSec GmbH phone: +41 76 340 25 56
Alter Zürichweg 20 home: http://www.strongsec.com
CH-8952 Schlieren (Switzerland)
==========================================[strong internet security]==
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.5 : Thu Oct 31 2002 - 05:20:35 CET