Re: fswcert
On Tuesday, 2002-04-09 at 08:50:18 -0400, Andrew Pimlott wrote:
> On Tue, Apr 09, 2002 at 08:01:14AM +0200, Lupe Christoph wrote:
> > Here is an example:
> >
> > conn %default
> > authby=rsasig
> > leftrsasigkey=%cert
> > rightrsasigkey=%cert
> > left=%defaultroute
> > leftsubnet=192.168.2.0/24
> > leftid="C=DE, ST=Bavaria, O=Octogon Gesellschaft fuer Computer-Dienstleistungen mbH, OU=Lupe's Home Office, CN=antalya.lupe-christoph.de/Email=lupe@lupe-christoph.de"
> >
> > The ID is in the certificate. Extract it like:
> > openssl x509 -in certificate.pem -noout -text | sed -n -e 's/.*Subject: //p'
>
> You can save yourself this step: use a leftcert pointing to your
> certificate, and you don't need the leftid. Reduces redundancy, and
> avoids having that huge long line in your config file!
Hmm. It would be nice if the manpage for ipsec.conf had been
patched to mention this...
Thanks!
Lupe
--
| lupe@lupe-christoph.de | http://free.prohosting.com/~lupe |
| I have challenged the entire ISO-9000 quality assurance team to a |
| Bat-Leth contest on the holodeck. They will not concern us again. |
| http://public.logica.com/~stepneys/joke/klingon.htm |
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to:
- Follow-Ups:
- Re: fswcert
- From: Andrew Pimlott <ota-10@andrew.pimlott.net>
- References:
- fswcert
- From: Victor Vuillard <victor.vuillard@securitykeepers.com>
- Re: fswcert
- From: "Noah L. Meyerhans" <frodo@morgul.net>
- Re: fswcert
- From: lupe@lupe-christoph.de (Lupe Christoph)
- Re: fswcert
- From: Andrew Pimlott <ota-10@andrew.pimlott.net>