On Tuesday, 2002-04-09 at 08:50:18 -0400, Andrew Pimlott wrote: > On Tue, Apr 09, 2002 at 08:01:14AM +0200, Lupe Christoph wrote: > > Here is an example: > > > > conn %default > > authby=rsasig > > leftrsasigkey=%cert > > rightrsasigkey=%cert > > left=%defaultroute > > leftsubnet=192.168.2.0/24 > > leftid="C=DE, ST=Bavaria, O=Octogon Gesellschaft fuer > > Computer-Dienstleistungen mbH, OU=Lupe's Home Office, > > CN=antalya.lupe-christoph.de/[EMAIL PROTECTED]" > > > > The ID is in the certificate. Extract it like: > > openssl x509 -in certificate.pem -noout -text | sed -n -e 's/.*Subject: > > //p' > > You can save yourself this step: use a leftcert pointing to your > certificate, and you don't need the leftid. Reduces redundancy, and > avoids having that huge long line in your config file!
Hmm. It would be nice if the manpage for ipsec.conf had been patched to mention this... Thanks! Lupe -- | [EMAIL PROTECTED] | http://free.prohosting.com/~lupe | | I have challenged the entire ISO-9000 quality assurance team to a | | Bat-Leth contest on the holodeck. They will not concern us again. | | http://public.logica.com/~stepneys/joke/klingon.htm | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
