Re: fswcert

To: debian-security@lists.debian.org
Cc: Victor Vuillard <victor.vuillard@securitykeepers.com>
Subject: Re: fswcert
From: Andrew Pimlott <ota-10@andrew.pimlott.net>
Date: Tue, 9 Apr 2002 08:50:18 -0400
Message-id: <[🔎] 20020409125018.GA21436@pimlott.net>
In-reply-to: <[🔎] 20020409060114.GC25649@lupe-christoph.de>
References: <[🔎] 3CAD78D5.64EE6F20@securitykeepers.com> <[🔎] 20020409000320.L2564@morgul.net> <[🔎] 20020409060114.GC25649@lupe-christoph.de>

On Tue, Apr 09, 2002 at 08:01:14AM +0200, Lupe Christoph wrote:
> Here is an example:
> 
> conn %default
>         authby=rsasig
>         leftrsasigkey=%cert
>         rightrsasigkey=%cert
>         left=%defaultroute
>         leftsubnet=192.168.2.0/24
>         leftid="C=DE, ST=Bavaria, O=Octogon Gesellschaft fuer Computer-Dienstleistungen mbH, OU=Lupe's Home Office, CN=antalya.lupe-christoph.de/Email=lupe@lupe-christoph.de"
> 
> The ID is in the certificate. Extract it like:
> openssl x509 -in certificate.pem -noout -text | sed -n -e 's/.*Subject: //p' 

You can save yourself this step: use a leftcert pointing to your
certificate, and you don't need the leftid.  Reduces redundancy, and
avoids having that huge long line in your config file!

Andrew


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: fswcert
  - From: lupe@lupe-christoph.de (Lupe Christoph)

References:
- fswcert
  - From: Victor Vuillard <victor.vuillard@securitykeepers.com>
- Re: fswcert
  - From: "Noah L. Meyerhans" <frodo@morgul.net>
- Re: fswcert
  - From: lupe@lupe-christoph.de (Lupe Christoph)

Prev by Date: Re: NFS, password transparency, and security
Next by Date: Denied ports 1339, 2049 and 2702
Previous by thread: Re: fswcert
Next by thread: Re: fswcert
Index(es):
- Date
- Thread