[strongSwan] preloading client certificates

Andreas Steffen andreas.steffen at strongswan.org
Thu Oct 2 09:42:58 CEST 2014

Hi Pete,

there is no command to list all end entity certificates stored in
/etc/ipsec.d/certs. The only way is either to explicitly define
at least one connection

conn x

for each of the end entity certificates or to combine the private
and public key in a PKCS#12 file, store it in /etc/ipsec.d/private/
and load it explicitly via a

 : P12 cert_x.p12 "<password>"

entry in /etc/ipsec.secrets.



On 10/02/2014 06:15 AM, cellkites at hushmail.com wrote:
> Is anyone able to tell me how I would pre-load all my clients pubkeys on
> a strongswan server?
> I've copied them to the /etc/ipsec.d/certs directory and restarted the
> daemon but "ipsec listcerts" still only lists the certificates that I
> have a private key for. Is there a particular directive that i need to
> set to have strongswan load all the public keys in this directory?
> Cheers,
> Pete
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4255 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20141002/d05f49cb/attachment.bin>

More information about the Users mailing list