[strongSwan] Is IKEv2 certificate binding to the hardware?

Noel Kuntze noel at familie-kuntze.de
Thu Sep 18 19:06:23 CEST 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello,
First question: No. Check the SAN fields.

Second question: pki --pub gives you the corresponding public key for the input private key or certificate. The output is not a certificate.

Mit freundlichen Grüßen/Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 18.09.2014 um 18:53 schrieb tefeng:
> Hi, All,
>
> I have been using strongswan 4.6.4 on my VPS and it worked well. Recently I migrated it to another VPS (still 4.6.4 and the same certificates copied from the previous VPS) but the vpn client (Agile VPN Client in win7 or strongSwan VPN Client for android) with IKEv2 certificate didn't work except that IKEv1 certificate is OK with Cisco VPN Client.
>
> Is IKEv2 certificate binding to the hardware?  If yes, then I have to reproduce the certificates.
>
> The 2nd question: Is it possible to substitute "ipsec pki --self ..." for "ipsec pki --pub ..."?  Because the command "--pub" only produces a certificate with fixed 3 years lifetime and I want more.
>
> Any recommendation would be really appreciated.  Thank in Adv.
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJUGxEPAAoJEDg5KY9j7GZYX3UP/2+HbGUyA07IshfAUE3301ur
qLqs5UluKGBOp5Ot0RQM5Q4s+ubte70wlb4dmfMBUR1SCrPehjcNCz31jeZYsoGN
udsA/XlWzScunc7Cjgw9BPe9IYIaMnf1AVCPXgOV1s7jiF+wDlrn6qRgxdt7B8Dt
xBD0YWft2WEGtn4El97386+HZXIWo0zSjpbQqtdpRZ5C5VK6ECYKvnoCFEW9ctc8
i3Vv+wQCxm3ibJfXdbvJLnyKlPAVxUDU7+71t+dFUMIqGiNHt/eQlRZqOzflEcGk
t7M5OwkFOjigd1UjWQIKumBaxQ47HX8JayfUxoPBVrjk3uOwo1xn363yY5tjke0Q
i5/ax4UdFcKTGoMZ0SdhrDXLh0jmIc8SszunJ8b6N+l6f3nAK0NeZzMdBT/EsJqG
2QN6R6zQxrR9emFnvIBt4rF01iYjYDsQCW80oWRARmRlC+sS+IDJ+8wzx9prDg0H
ZnOYfL3Mwv5Rxhcrd9mLnXnhnl8pTTjLAiz57gZbuzHJlHF84WX1MpiETOBGyRT3
qUt65MddstjcgKRNRYC+whaNqqswlRjlwvXLV1/PRcUfypM/zhLpRtYHbV5TfI5r
XwemSV7H9lOXp8JNIamuxK8eIcqRddQIdrTDbBnOeR/7/7U6P3UBOYwjCfrEnNYm
tAyMfPgxh5DKVrNYJxFo
=DzH9
-----END PGP SIGNATURE-----

More information about the Users mailing list