[strongSwan] Separate files for crt and key

Marc Roos M.Roos at f1-outsourcing.eu
Sat Jan 27 11:50:17 CET 2018

Thanks Noel, Andreas. I got it working with the win7 clients! I always 
use the pem extension as crt and key combined and I am seeing pem in the 

-----Original Message-----
From: Andreas Steffen [mailto:andreas.steffen at strongswan.org] 
Sent: vrijdag 26 januari 2018 16:46
To: users at lists.strongswan.org
Subject: Re: [strongSwan] Separate files for crt and key

Hi Marc,

certificates and keys are always loaded from separate files (with the 
exemption of PKCS#12 containers). The certificates are loaded via
leftcert|rightcert entries in ipsec.conf and keys are loaded via
RSA|ECDSA entries in ipsec.secrets. The matching of certs and keys
is done automatically by the strongSwan daemon.



On 26.01.2018 15:01, Marc Roos wrote:
> Is it possible to specify separate files for the crt and key? 
> Something like
> 	leftcert=moonCert.crt
>        leftkey=moonCert.key ???
> conn rw-eap
> 	left=
> 	leftsubnet=
> 	leftid=@moon.strongswan.org
> 	leftcert=moonCert.pem
> 	leftauth=pubkey
> 	leftfirewall=yes
> 	rightid=*@strongswan.org
> 	rightauth=eap-md5
> 	rightsendcert=never
> 	right=%any
> 	auto=add

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Networked Solutions
University of Applied Sciences Rapperswil CH-8640 Rapperswil 

More information about the Users mailing list