[strongSwan] Adding subjectAltNames to the on demand certificates generated during load testing
Narendra K A
naren.ka at gmail.com
Wed May 23 10:32:19 CEST 2012
Thank you for the inputs Martin,
I tried adding * BUILD_SUBJECT_ALTNAMES, "DNS:iprc.nlt.in", * to the
load_tester_creds.c file as u told but i am getting the following error
from the DMN
May 23 13:59:53 localhost charon: 09[DMN] thread 9 received 11
May 23 13:59:54 localhost charon: 09[DMN] killing ourself, received
And also i have one more problem from the beginning... ipsec is not reading
any configuration from the ipsec.conf file. If i add rightid or leftid
parameters in the ipsec.conf it is not reflecting the the detailed log
/var/log/messags. Only it is reading from the ""config setup"" section not
from the ""conn %default"" section. Can you please tell me what might be
the problem ?
On Tue, May 22, 2012 at 1:59 PM, Martin Willi <martin at strongswan.org> wrote:
> Hi Naren,
> > The Client certificates are generated on demand signed by the CA
> > certificate ( load_tester_creds.c file ). How can i add the
> > subjectAltName to these on demand certificates ? Is there any
> > configuration file ? or do i need to make alterations in the code ?
> No, there is no such configuration option. You'd have to extend the
> sources of load tester.
> > I know that the subjectAltName can only be added in the openssl.cnf
> > file before generating the certificate. So how can i make the on
> > demand certificates to read from my openssl.cnf file ?
> Load tester does not use OpenSSL to generate the certificate, but our
> own routines from libstrongswan. To add additional attributes to client
> certificates, pass BUILD_* arguments to . See  and  to read
> more about how the credential building facility works.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users