[strongSwan] preloading client certificates

Andreas Steffen andreas.steffen at strongswan.org
Thu Oct 2 09:42:58 CEST 2014


Hi Pete,

there is no command to list all end entity certificates stored in
/etc/ipsec.d/certs. The only way is either to explicitly define
at least one connection

conn x
     leftcert=cert_x.pem
     ...
     auto=add

for each of the end entity certificates or to combine the private
and public key in a PKCS#12 file, store it in /etc/ipsec.d/private/
and load it explicitly via a

 : P12 cert_x.p12 "<password>"

entry in /etc/ipsec.secrets.

Regards

Andreas

On 10/02/2014 06:15 AM, cellkites at hushmail.com wrote:
> Is anyone able to tell me how I would pre-load all my clients' pubkeys on
> a strongswan server?
> 
> I've copied them to the /etc/ipsec.d/certs directory and restarted the
> daemon but "ipsec listcerts" still only lists the certificates that I
> have a private key for. Is there a particular directive that I need to
> set to have strongswan load all the public keys in this directory?
> 
> Cheers,
> 
> Pete
> 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
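
Added example, not part of the original post and not strongSwan's own code: a shell function that automates the first option in the reply above by printing one conn stanza, in the form shown there, for each PEM certificate in a directory. The function name gen_conns and the skip rules are assumptions; the options elided as "..." in the reply are not generated and still have to be supplied.

```shell
#!/bin/sh
# Emit one ipsec.conf "conn" stanza per PEM certificate found in a directory.
# gen_conns is a hypothetical helper name; the stanza layout (conn / leftcert /
# auto=add) is the one shown in the reply above.
# Usage: gen_conns /etc/ipsec.d/certs > conns.generated   (review before use)
gen_conns() {
    certdir=${1:-/etc/ipsec.d/certs}
    for f in "$certdir"/*.pem; do
        [ -f "$f" ] || continue        # glob matched nothing, or not a regular file
        base=$(basename "$f")
        # A file name with spaces would need quoting in ipsec.conf; skip it.
        case $base in
            *' '*) echo "skip $f: space in file name" >&2; continue ;;
        esac
        # Private key material does not belong in the certs directory.
        if grep -q 'PRIVATE KEY-----' "$f"; then
            echo "skip $f: contains a private key" >&2
            continue
        fi
        # Require a PEM certificate header so stray files do not become conns.
        if ! grep -q '^-----BEGIN CERTIFICATE-----' "$f"; then
            echo "skip $f: no PEM certificate found" >&2
            continue
        fi
        # Conn name: keep letters, digits, '_' and '-'; map the rest to '_'.
        name=$(printf '%s' "${base%.pem}" | tr -c 'A-Za-z0-9_-' '_')
        # leftcert is given relative to the certificate directory.
        printf 'conn %s\n     leftcert=%s\n     auto=add\n\n' "$name" "$base"
    done
}
```

Skipped files are reported on stderr, so stdout holds only the stanzas.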
