Pantek Library

Re: [Users] key creation

From: Dennis Bieling <dennis.bieling(at)epigenomics.com>
Date: Thu Oct 02 2003 - 09:02:44 EDT

Hi Mark,

I'm not quite sure if I got your problem right, but the procedures to create/install the needed keys/certificate for an x509-patched freeswan are:

  1. Generate a self-signed Root CA, if you don't have one.
     1.1. Generating the private key for the root CA:
          openssl genrsa -des3 -out private/cakey.pem 2048
     1.2. Generate the certificate and sign it with the private key:
          openssl req -new -x509 -days 1460 -key private/cakey.pem -out cacert.pem
  2. Create a certificate for the gateway machine:
     2.1. Generating the private key:
          openssl genrsa -des3 -out private/gatewayKey.pem 1024
     2.2. Create the certificate request:
          openssl req -new -key private/gatewayKey.pem -out gatewayReq.pem
     2.3. Sign the request:
          openssl ca -notext -in gatewayReq.pem -out gatewayCert.pem

For historical reasons, you also have to put the certificate in binary form into /etc/x509cert.der:

openssl x509 -in gatewayCert.pem \
  -outform der -out /etc/x509cert.der

Now set up the /etc/ipsec.secrets file.
If you are using certificates, it is enough to just enter the name of the private key and the passphrase used to decode it, for example:

: RSA gatewayKey.pem "passphrase"

The last step will be to set up the /etc/ipsec.conf file matching your connections and maybe some additional erouting.

That's all!

Best regards

Dennis

Mark Ireland-Spicer wrote:
> I have installed FreeSWAN from RPM on my RH8 system. When I ran 'verify'



FreeS/WAN Users mailing list
users@lists.freeswan.org
https://mj2.freeswan.org/cgi-bin/mj_wwwusr
Received on Thu Oct 2 09:20:48 2003
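
A consistency check for the files produced by the procedure in the message above, added here as an example (it is not part of the original post or of FreeS/WAN): it confirms that the gateway certificate chains to the root CA, that the private key named in ipsec.secrets belongs to that certificate, and that the DER copy is the same certificate. The function names, the subject names and the temporary directory are assumptions; the constructed sample PKI uses unencrypted 2048-bit keys and signs with `openssl x509 -req` in place of `openssl ca`, so it needs no CA database.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# check_gateway_files CA_CERT GW_CERT GW_KEY DER_COPY
# Returns 0 only if all three checks pass. For a key created with -des3,
# openssl asks for the passphrase.
check_gateway_files() {
    ca=$1 cert=$2 key=$3 der=$4
    # 1. The gateway certificate must chain to the root CA.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: $cert is not signed by $ca"; return 1; }
    # 2. The private key must belong to the certificate (same public key).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl rsa -in "$key" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: $key does not match $cert"; return 1; }
    # 3. The DER copy must be the same certificate as the PEM file.
    pem_fp=$(openssl x509 -in "$cert" -noout -fingerprint -sha256) || return 1
    der_fp=$(openssl x509 -inform der -in "$der" -noout -fingerprint -sha256) ||
        return 1
    [ "$pem_fp" = "$der_fp" ] ||
        { echo "FAIL: $der differs from $cert"; return 1; }
    echo "OK: certificate, key and DER copy are consistent"
}

# make_sample_pki DIR: constructed throwaway files for trying the checks.
# Assumptions: unencrypted keys, sample subject names, "x509 -req" signing.
make_sample_pki() {
    d=$1
    mkdir -p "$d/private" &&
    openssl genrsa -out "$d/private/cakey.pem" 2048 2>/dev/null &&
    openssl req -new -x509 -days 30 -subj "/CN=Sample Root CA" \
        -key "$d/private/cakey.pem" -out "$d/cacert.pem" &&
    openssl genrsa -out "$d/private/gatewayKey.pem" 2048 2>/dev/null &&
    openssl req -new -subj "/CN=gateway.example" \
        -key "$d/private/gatewayKey.pem" -out "$d/gatewayReq.pem" &&
    openssl x509 -req -days 30 -in "$d/gatewayReq.pem" -CA "$d/cacert.pem" \
        -CAkey "$d/private/cakey.pem" -CAcreateserial \
        -out "$d/gatewayCert.pem" 2>/dev/null &&
    openssl x509 -in "$d/gatewayCert.pem" -outform der -out "$d/x509cert.der"
}

# Demo run on the constructed sample files.
tmp=$(mktemp -d) && make_sample_pki "$tmp" &&
    check_gateway_files "$tmp/cacert.pem" "$tmp/gatewayCert.pem" \
        "$tmp/private/gatewayKey.pem" "$tmp/x509cert.der"
rm -rf "$tmp"
```

On a real gateway, call check_gateway_files with cacert.pem, gatewayCert.pem, private/gatewayKey.pem and /etc/x509cert.der.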

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:01:39 EDT

