Hi
I have Linux FreeS/WAN super-freeswan-1.99.8 with X509 patch on server side,
with working WinXP native IPSEC connections (where I'm CA).
Now I want to add a cert to freeswan from a customer, where he is a CA.
He gives me cert.pfx and cert-ca.p7b (CA Cert).
So I converted those certs in PEM format:
Private cert:
openssl pkcs12 -in cert.pfx -out cert_pem.pem
openssl rsa -in cert_pem.pem -out cert.pem # to remove password
CA cert:
openssl pkcs7 -inform DER -in cert-ca.p7b -print_certs -text -out cert-ca.pem
I configured ipsec.conf:
conn customer
    left=(my IP)
    leftsubnet=192.168.1.0/24
    leftcert=/etc/ipsec.d/cert.pem
    right=(Customer's IP)
    rightsubnet=10.0.10.0/24
    rightcert=/etc/ipsec.d/cert-ca.pem
    rightca=%same
    pfs=yes
    auto=start
Is the certificate conversion process OK?
Is the ipsec.conf configuration OK?
What should I define in ipsec.secrets?
Thanks a lot!!!
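
An added example, not part of the original post: a small Python check that lists what each PEM file produced by conversions like the ones above actually contains (certificates, private keys, whether a key is passphrase-protected, and any non-PEM text). The function name and the sample file contents are constructed for illustration; the base64 bodies are placeholders, not real keys.

```python
import re

# One PEM block: BEGIN line, optional headers plus base64 body, matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def summarize_pem(text):
    """Count certificates and private keys in PEM text and flag non-PEM text."""
    summary = {"certificates": 0, "private_keys": 0,
               "encrypted_keys": 0, "extra_text": False}
    for match in PEM_BLOCK.finditer(text):
        label, body = match.group(1), match.group(2)
        if label in ("CERTIFICATE", "X509 CERTIFICATE"):
            summary["certificates"] += 1
        elif label.endswith("PRIVATE KEY"):
            # Covers "RSA PRIVATE KEY", "PRIVATE KEY", "ENCRYPTED PRIVATE KEY".
            summary["private_keys"] += 1
            if label.startswith("ENCRYPTED") or "Proc-Type: 4,ENCRYPTED" in body:
                summary["encrypted_keys"] += 1
    # Bag Attributes (pkcs12) or a -text dump (pkcs7) sit outside the blocks.
    summary["extra_text"] = bool(PEM_BLOCK.sub("", text).strip())
    return summary

# Constructed samples shaped like the output of the three openssl commands.
PKCS12_OUT = (
    "Bag Attributes\n    localKeyID: 01 00 00 00\n"
    "-----BEGIN CERTIFICATE-----\nQUFBQQ==\n-----END CERTIFICATE-----\n"
    "Bag Attributes\n    localKeyID: 01 00 00 00\n"
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\nQUFBQQ==\n"
    "-----END ENCRYPTED PRIVATE KEY-----\n")
RSA_OUT = (
    "-----BEGIN RSA PRIVATE KEY-----\nQUFBQQ==\n-----END RSA PRIVATE KEY-----\n")
PKCS7_OUT = (
    "Certificate:\n    Data:\n        Version: 3 (0x2)\n"
    "-----BEGIN CERTIFICATE-----\nQUFBQQ==\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    samples = {"cert_pem.pem": PKCS12_OUT, "cert.pem": RSA_OUT,
               "cert-ca.pem": PKCS7_OUT}
    for name, text in samples.items():
        print(name, summarize_pem(text))
```

To check real files, pass `open(path).read()` to `summarize_pem` for each output file.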