[strongSwan] ipsec pool file with certificates

Claude Tompers claude.tompers at restena.lu
Thu Oct 28 15:37:51 CEST 2010

Hi Martin,

*"C=LU, ST=n/a, L=Luxembourg, O=Fondation RESTENA, CN=Test Certificate"

This is the format in my file (ikev2.addr), I imported them into the db with:

ipsec pool --add ikev1 --addresses /path/to/ikev1.addr --timeout 48

Should I write"X'302431133011060355040a130a7374726f6e677377616e310d300b0603550403130474657374'" into the file ?

Or do I need to store the identities separately ?


On Thursday 28 October 2010 15:28:30 Martin Willi wrote:
> Hi Claude,
> > *"C=LU, ST=n/a, L=Luxembourg, O=Fondation RESTENA, CN=Test Certificate"
> How did you store these identities in the database?
> strongSwan expects these identities in the encoded ASN1 form. We ship a
> helper script with our distribution to convert identities to valid SQL
> code:
> ./scripts/id2sql "O=strongswan, CN=test"
> > type	encoding
> > 9,	X'302431133011060355040a130a7374726f6e677377616e310d300b0603550403130474657374'
> Regards
> Martin

Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101028/5523b74e/attachment.pgp>

More information about the Users mailing list