[strongSwan] question about certificate

Xin knightluffy at live.com
Thu Dec 18 04:00:09 CET 2014


Hi,

I have got a wildcard certificate, but I don't know how to install it to
ipsec.d. I am not good at the cert parts. And I only know that if I have no
certificate, I can generate the self-certificate with the following steps:
ipsec pki --gen --outform pem > ca.pem
ipsec pki --self --in ca.pem --dn "C=US, O=***, CN=domain" --ca --outform pem > ca.cert.pem
ipsec pki --gen --outform pem > server.pem
ipsec pki --pub --in server.pem | ipsec pki --issue --cacert ca.cert.pem --cakey ca.pem --dn "C=US, O=***, CN=domain" --san="domain" --flag serverAuth --flag ikeIntermediate --outform pem > server.cert.pem
ipsec pki --gen --outform pem > client.pem
ipsec pki --pub --in client.pem | ipsec pki --issue --cacert ca.cert.pem --cakey ca.pem --dn "C=US, O=***, CN=domain" --outform pem > client.cert.pem
cp -r ca.cert.pem /usr/local/etc/ipsec.d/cacerts/
cp -r server.cert.pem /usr/local/etc/ipsec.d/certs/
cp -r server.pem /usr/local/etc/ipsec.d/private/
cp -r client.cert.pem /usr/local/etc/ipsec.d/certs/
cp -r client.pem /usr/local/etc/ipsec.d/private/

But now I have *.key and *.crt. How do I generate ca.cert.pem,
server.cert.pem, server.pem, client.cert.pem and client.pem and move them to
the specific folder? I appreciate any help.
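
One way to handle an existing *.key / *.crt pair like the one asked about above, as an added example that is not part of the original post: confirm the private key belongs to the certificate, then copy both into the ipsec.d directories the post uses. The target file names come from the post; the optional CA certificate argument and an unencrypted PEM key are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes an unencrypted PEM key.

# key_matches_cert CERT KEY: succeed only if KEY is the private key for CERT.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# install_pair CERT KEY IPSEC_D [CA_CERT]
# Copies the pair into IPSEC_D under the file names used in the post.
# CA_CERT (hypothetical optional argument) is the issuing CA's certificate.
install_pair() {
    cert=$1 key=$2 dest=$3 ca_cert=${4:-}
    if ! key_matches_cert "$cert" "$key"; then
        echo "error: $key is not the private key for $cert" >&2
        return 1
    fi
    mkdir -p "$dest/certs" "$dest/private" "$dest/cacerts" || return 1
    install -m 0644 "$cert" "$dest/certs/server.cert.pem" || return 1
    # The private key must be readable by its owner only.
    install -m 0600 "$key" "$dest/private/server.pem" || return 1
    if [ -n "$ca_cert" ]; then
        install -m 0644 "$ca_cert" "$dest/cacerts/ca.cert.pem" || return 1
    fi
    # strongSwan loads the key through an ipsec.secrets entry such as:
    #   : RSA server.pem
    return 0
}

# Usage: sh install_pair.sh wildcard.crt wildcard.key /usr/local/etc/ipsec.d [ca.crt]
if [ "$#" -ge 3 ]; then
    install_pair "$@"
fi
```

The key check runs before anything is copied, so a mismatched pair never reaches the private/ directory.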

