[strongSwan] ECDSDA certificates / keys?
Kostya Vasilyev
kman at fastmail.com
Thu Mar 14 13:46:25 CET 2019
Thank you Tobias,
On Thu, Mar 14, 2019, at 3:41 PM, Tobias Brunner wrote:
> Hi Kostya,
>
> > Does IPSec in general and strongSwan in particular support certificate authentication with ECDSA keys?
>
> Sure.
>
> > -----BEGIN EC PARAMETERS-----
> > Bgg.....==
> > -----END EC PARAMETERS-----
> > -----BEGIN EC PRIVATE KEY-----
> > MHcCA.......yDpwQ==
> > -----END EC PRIVATE KEY-----
>
> Remove the parameters, the pem plugin only parses the first BEGIN/END
> section in a PEM file.
Yes this worked.
What also worked is to convert the key from PEM to DER format:
openssl pkcs8 -topk8 -inform PEM -outform DER \
-in ec_server.pem \
-out ec_server.der -nocrypt
I mention this if anyone else runs into this issue.
-- K
More information about the Users
mailing list