Re: fswcert
On Tuesday, 2002-04-09 at 00:03:20 -0400, Noah L. Meyerhans wrote:
> On Fri, Apr 05, 2002 at 12:13:41PM +0200, Victor Vuillard wrote:
> > the "fswcert" tool, which is used to extract private key from
> > certificate was before in freeswan package. I was not able to find it in
> > 1.95 version of freeswan. Anyone knows why it has been removed ???
>
> Because it's no longer needed. The Debian freeswan packages can use
> certs directly. Some stuff in /usr/share/doc/freeswan will help you
> figure out how to use them.
>
Here is an example:
conn %default
authby=rsasig
leftrsasigkey=%cert
rightrsasigkey=%cert
left=%defaultroute
leftsubnet=192.168.2.0/24
leftid="C=DE, ST=Bavaria, O=Octogon Gesellschaft fuer Computer-Dienstleistungen mbH, OU=Lupe's Home Office, CN=antalya.lupe-christoph.de/Email=lupe@lupe-christoph.de"
The ID is in the certificate. Extract it like:
openssl x509 -in certificate.pem -noout -text | sed -n -e 's/.*Subject: //p'
Mail me directly if you need help setting this up.
HTH,
Lupe Christoph
--
| lupe@lupe-christoph.de | http://free.prohosting.com/~lupe |
| I have challenged the entire ISO-9000 quality assurance team to a |
| Bat-Leth contest on the holodeck. They will not concern us again. |
| http://public.logica.com/~stepneys/joke/klingon.htm |
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to:
- Follow-Ups:
- Re: fswcert
- From: Andrew Pimlott <ota-10@andrew.pimlott.net>
- References:
- fswcert
- From: Victor Vuillard <victor.vuillard@securitykeepers.com>
- Re: fswcert
- From: "Noah L. Meyerhans" <frodo@morgul.net>