[strongSwan] Separate files for crt and key
Marc Roos
M.Roos at f1-outsourcing.eu
Sat Jan 27 11:50:17 CET 2018
Thanks Noel, Andreas. I got it working with the win7 clients! I always
use the pem extension as crt and key combined and I am seeing pem in the
docs.
-----Original Message-----
From: Andreas Steffen [mailto:andreas.steffen at strongswan.org]
Sent: vrijdag 26 januari 2018 16:46
To: users at lists.strongswan.org
Subject: Re: [strongSwan] Separate files for crt and key
Hi Marc,
certificates and keys are always loaded from separate files (with the
exemption of PKCS#12 containers). The certificates are loaded via
leftcert|rightcert entries in ipsec.conf and keys are loaded via
RSA|ECDSA entries in ipsec.secrets. The matching of certs and keys
is done automatically by the strongSwan daemon.
Regards
Andreas
On 26.01.2018 15:01, Marc Roos wrote:
> Is it possible to specify separate files for the crt and key?
> Something like
>
> leftcert=moonCert.crt
> leftkey=moonCert.key ???
>
>
>
>
> conn rw-eap
> left=192.168.0.1
> leftsubnet=10.1.0.0/16
> leftid=@moon.strongswan.org
> leftcert=moonCert.pem
> leftauth=pubkey
> leftfirewall=yes
> rightid=*@strongswan.org
> rightauth=eap-md5
> rightsendcert=never
> right=%any
> auto=add
>
--
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Networked Solutions
University of Applied Sciences Rapperswil CH-8640 Rapperswil
(Switzerland)
===========================================================[INS-HSR]==
More information about the Users
mailing list