Re: [Users] Nortel/freeswan with X509?

From: Ken Bantoft (ken_at_freeswan.ca)
Date: Thu Oct 24 2002 - 02:03:01 CEST


Andreas just posted about this within the past week. Here it is again...

Date: Sun, 20 Oct 2002 13:20:28 +0200
From: Andreas Steffen <andreas.steffen_at_strongsec.net>
To: Joe Philipps <freeswan4joe_at_philippsfamily.org>
Cc: users_at_lists.freeswan.org
Subject: Re: [Users] Contivity X.509, FreeSWAN w/ X.509 patches, and
OpenSSL
                                                                                                                       
We set up a Contivity <=> FreeS/WAN connection using X.509
certificates at the IPsec Global Summit 2001 in Paris. The link
                                                                                                                       
   http://www.hsc.fr/ressources/ipsec/ipsec2001/
                                                                                                                       
gives you the details. The IDX-PKI (which is an OpenSource
graphical front end to OpenSSL) was used to generate the
certificates. One problem we had to circumvent was the fact
that Nortel Contivity does not send the individual relative
distinguished names (e.g., C=CH, O=ACME, etc.) in the same
order as OpenSSL creates them. The X.509 patch cannot handle
this case (although the X.509 standards allow an arbitrary
ordering). Therefore we used a FQDN (i.e. hostname) as the ID
for the Contivity end and put the FQDN into the subjectAltName
field of the Contivity's certificate.
                                                                                                                       
Hope this helps!
                                                                                                                       
Andreas

On Wed, 23 Oct 2002, PRINCE Jean-Francois wrote:

> Hello,
>
> I succeeded with freeswan/Nortel and PSK, but I don't know how I can
> enter freeswan certificates on Nortel Contivity. I need a PKCS7 form
> in base 64. I use some openssl commands, but nothing works.
>
> Could someone help me please?
>
> Thanks
> JF
>
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users
>

-- 
Ken Bantoft                The Unofficial FreeS/WAN Site:
ken_at_freeswan.ca            http://www.freeswan.ca
                           PGP Key: finger ken_at_bantoft.org
"We can factor the number 15 with quantum computers. We 
can also factor the number 15 with a dog trained to bark 
three times."       -- Robert Harley, 5/12/01, Sci.crypt
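
The ID mismatch Andreas describes, and the FQDN workaround, modelled as an added example; it is not part of either e-mail and is not the X.509 patch's code. All function names and the sample subject, SAN and peer IDs are constructed for illustration, and the ordered comparison is an assumption about how a matcher that cannot handle reordered RDNs behaves.

```python
import re

def parse_dn(dn):
    # Split "C=CH, O=ACME, CN=gw" into ordered (type, value) pairs.
    # A comma escaped with a backslash stays inside the value.
    rdns = []
    for part in re.split(r'(?<!\\),', dn):
        attr, _, value = part.partition('=')
        rdns.append((attr.strip().upper(), value.strip().replace('\\,', ',')))
    return rdns

def check_dn_id(peer_dn, cert_subject):
    # Ordered comparison: the RDN sequence must be identical.
    peer, subject = parse_dn(peer_dn), parse_dn(cert_subject)
    if peer == subject:
        return "match"
    if sorted(peer) == sorted(subject):
        # Same RDNs in a different sequence: the case from the e-mail.
        return "rdn-order-mismatch"
    return "mismatch"

def check_fqdn_id(peer_fqdn, san_dns_names):
    # An FQDN ID is compared with the certificate's subjectAltName
    # dNSName entries; case and a trailing dot are ignored.
    want = peer_fqdn.rstrip('.').lower()
    names = {n.rstrip('.').lower() for n in san_dns_names}
    return "match" if want in names else "mismatch"

# Constructed sample data (not taken from the thread).
CERT_SUBJECT = "C=CH, O=ACME, CN=contivity.example.com"
CERT_SAN_DNS = ["contivity.example.com"]
PEER_DN_ID = "CN=contivity.example.com, O=ACME, C=CH"   # reordered RDNs
PEER_FQDN_ID = "Contivity.Example.com"

if __name__ == "__main__":
    print("DN ID:  ", check_dn_id(PEER_DN_ID, CERT_SUBJECT))
    print("FQDN ID:", check_fqdn_id(PEER_FQDN_ID, CERT_SAN_DNS))
```

A result of `rdn-order-mismatch` when troubleshooting points at the ordering problem rather than a wrong certificate, which is the situation where switching the peer ID to an FQDN carried in subjectAltName applies.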


This archive was generated by hypermail 2.1.5 : Sat Nov 16 2002 - 05:20:41 CET