[strongSwan] IPsec PKI Tool

Andreas Steffen andreas.steffen at strongswan.org
Thu May 17 19:43:30 CEST 2012

Hello Chris,

I'm not sure about the ipsec pki release in strongSwan 4.4
but the current pki command can add one or several EKUs and
an arbitrary number of subjectAltNames:



   ipsec pki --issue --flag serverAuth
                     --flag clientAuth
                     --flag crlSign
                     --flag ocspSigning


   ipsec pki --issue --san carol at strongswan.org
                     --san moon.strongswan.org
                     --san 2001:3f54::5



On 05/17/2012 05:00 PM, Chris Arnold wrote:
> strongSwan 4.4 on SLES11 SP2. Trying to get ikev2 roadwarriors config
> setup. I am following
> http://wiki.strongswan.org/projects/strongswan/wiki/Windows7 and
> trying to meet cert requirements:
> http://wiki.strongswan.org/projects/strongswan/wiki/Win7CertReq
> The EKU and subjectAltName, can this be done with the ipsec pki? I
> really cant take the time to learn openSSL right now (i know
> eventually i will have to but cant right now). Is it possible to put
> the EKU and subjectAltName in a cert with ipsec pki?

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Users mailing list