[strongSwan] need help for host2host-cert setup

[Johannes Hubertz]

Hello listreaders,

On Monday 29 March 2010 08:35:56 Abbhishek Misra wrote:
> I used openssl instead of CA.sh
>
> openssl req -x509 -newkey rsa:2048 -keyout private/cakey.pem -out
                                   ???^^^^^^???

> cacerts/cacert.pem
>
>  openssl req -newkey rsa:2048 -keyout private/maikaKey.pem  -out
> reqs/maikaReq.pem
>
>  openssl ca -in reqs/maikaReq.pem -out certs/maikaCert.pem -cert
> /etc/ipsec.d/cacerts/cacert.pem

Since 1997 I use:

openssl genrsa -des3 -out private/cakey.pem 2048
openssl req -new -x509 -days 9460 -key private/cakey.pem -out cacert.pem
openssl x509 -in cacert.pem -outform der -out cacert.der

And: Of course I'm not sure about. (neither yours and mine)

Have fun!
happy working

Johannes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 489 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.strongswan.org/pipermail/users/attachments/20100329/681c3edd/attachment.pgp>