[strongSwan] Separate files for crt and key

Andreas Steffen andreas.steffen at strongswan.org
Fri Jan 26 16:46:10 CET 2018

Hi Marc,

certificates and keys are always loaded from separate files (with the
exemption of PKCS#12 containers). The certificates are loaded via
leftcert|rightcert entries in ipsec.conf and keys are loaded via
RSA|ECDSA entries in ipsec.secrets. The matching of certs and keys
is done automatically by the strongSwan daemon.



On 26.01.2018 15:01, Marc Roos wrote:
> Is it possible to specify separate files for the crt and key? Something
> like
> 	leftcert=moonCert.crt
>        leftkey=moonCert.key ???
> conn rw-eap
> 	left=
> 	leftsubnet=
> 	leftid=@moon.strongswan.org
> 	leftcert=moonCert.pem
> 	leftauth=pubkey
> 	leftfirewall=yes
> 	rightid=*@strongswan.org
> 	rightauth=eap-md5
> 	rightsendcert=never
> 	right=%any
> 	auto=add

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Networked Solutions
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4150 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180126/6f7adde5/attachment.bin>

More information about the Users mailing list