[strongSwan] documenting the X509 configuration for a roadwarrior?
Daniel Pocock
daniel at pocock.com.au
Fri Oct 21 09:45:10 CEST 2011
>> ipsec pki --pub --in moonKey.der | ipsec pki --issue --cacert caCert.der
>> --cakey caKey.der --dn "C=GB, O=Example Limited, CN=moon.example.org"
>> --san "DNS:moon.example.org" > moonCert.der
>>
> DNS:moon.example.org is the OpenSSL way of representing a
> subjectAltName. If you use our PKI tool, just add --san
> moon.example.org, it automatically figures out that this is a DNS type
> subjectAltName.
>
>
Ok, thanks for confirming this is the right way to do it for strongSwan,
maybe the section on `End entity certificates' in
http://wiki.strongswan.org/projects/strongswan/wiki/SimpleCA needs a
complete example of using --san?
More information about the Users
mailing list