[strongSwan] Separate files for crt and key
Andreas Steffen
andreas.steffen at strongswan.org
Fri Jan 26 16:46:10 CET 2018
Hi Marc,
certificates and keys are always loaded from separate files (with the
exemption of PKCS#12 containers). The certificates are loaded via
leftcert|rightcert entries in ipsec.conf and keys are loaded via
RSA|ECDSA entries in ipsec.secrets. The matching of certs and keys
is done automatically by the strongSwan daemon.
Regards
Andreas
On 26.01.2018 15:01, Marc Roos wrote:
> Is it possible to specify separate files for the crt and key? Something
> like
>
> leftcert=moonCert.crt
> leftkey=moonCert.key ???
>
>
>
>
> conn rw-eap
> left=192.168.0.1
> leftsubnet=10.1.0.0/16
> leftid=@moon.strongswan.org
> leftcert=moonCert.pem
> leftauth=pubkey
> leftfirewall=yes
> rightid=*@strongswan.org
> rightauth=eap-md5
> rightsendcert=never
> right=%any
> auto=add
>
--
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Networked Solutions
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[INS-HSR]==
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4150 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180126/6f7adde5/attachment.bin>
More information about the Users
mailing list