[strongSwan] PKCS#12 and leftid

Volker Rümelin vr_strongswan at t-online.de
Tue May 26 21:06:59 CEST 2015

> If you have any reference (website, paper) talking about this, I would
> be glad to read them.
The english wikipedia article about ASN.1 should get you started. Don't 
miss the link to that 'A Layman's Guide to a Subset of ASN.1, BER, and 
DER' article there. RFC 5280 defines x509 certificates.

> So I successed in creating a DER format file but I don't know wich part
> of the "openssl asn1dn ..." I'm supposed to specify in
> leftid="asn1dn:#xxxxxx". I dont know what is supposed to replace xxxxx.
>     You have to use quotes.
>              leftid="asn1dn:#306c310b3009060355040613024445...
>     And you have to specify the DN in DER encoded format.
>     openssl asn1parse decodes my DN example to
>          0:d=0  hl=2 l= 108 cons: SEQUENCE
>          2:d=1  hl=2 l=  11 cons:  SET
>          4:d=2  hl=2 l=   9 cons:   SEQUENCE
>          6:d=3  hl=2 l=   3 prim:    OBJECT            :countryName
>         11:d=3  hl=2 l=   2 prim:    PRINTABLESTRING   :DE
>         15:...
You can extract the RDN from your DER encoded certificate or certificate 
request. openssl asn1parse will tell you the offset and number of bytes 
to copy. In my example the offset is 0 and length is hl+l=110 bytes. 
Just find a sequence similar to my example in your openssl asn1parse 


More information about the Users mailing list