"Victor Berdin" <[EMAIL PROTECTED]> wrote on 07/28/2003 01:37:01 AM:
> [snipped]
>
> > Thank you for the encouragement. I will keep trying! I just haven't been
> > able to find *any* documentation that tells you what to do when you've been
> > given only a .p12 file...
> >
> > I'll keep looking.
> >
> > Tim Massey
>
> This: http://www.natecarlson.com/linux/ipsec-x509.php
> along with the OpenSSL docs/howtos are also very helpful.
> Good luck!

I've been poring over all of the docs that have been suggested (most of
which I had already read over). From what I can determine, the .p12 file I
have been given contains three things:

1) A client key (The actual key the VPN will use to encrypt the symmetric
   keys, saved as a PEM)
2) A client cert (certifying that my key is valid according to the CA,
   saved as a PEM)
3) A CA cert (allowing me to verify the key, and verify other people's
   keys, saved as a DER)

So far, so good. However, now that I've identified them (and separated
them out into their own files), what do I do with them?

Basically, every set of instructions requires at least three things (and
some want more). The simplest is probably the Bering docs
(http://leaf.sourceforge.net/doc/guide/buipsec.html#id2894942):

cacert.pem
x509cert.der
crl.pem

For cacert.pem, I believe that my #3 should work, though mine is a DER and
it wants a PEM. Will this work?

For x509cert.der, I believe that my #1 should work, though this time mine
is a PEM and theirs is a DER.

However, I have no equivalent (that I can tell) for the crl.pem. All I
have left is a client cert. A crl file is a CA Revocation List. I don't
have one of those!

Am I correct so far? And what should I do for a CRL?

Sigh. I really wish I could generate a couple of RSA keys, share them
between the firewalls and call it a day... :(

Tim Massey
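
Added example, not part of the original message or of the Bering docs: splitting a PKCS#12 bundle with the openssl command line, converting a certificate between PEM and DER, and checking that the extracted key, client cert and CA cert belong together. The bundle is built on the spot so the script runs offline; all file names, subjects and the password "demo" are constructed for the illustration.

```shell
#!/bin/sh
# Added example; file names, subjects and the password "demo" are constructed.

# Build a throwaway CA, client key/cert and .p12 so the demo runs offline.
make_sample_p12() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-client" \
        -keyout "$d/cl.key" -out "$d/cl.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/cl.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/cl.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$d/cl.key" -in "$d/cl.pem" \
        -certfile "$d/ca.pem" -passout pass:demo -out "$d/bundle.p12"
}

# Split bundle.p12 into key, client cert and CA cert; all come out as PEM.
split_p12() (
    d=$1; p="pass:$2"; umask 077   # the key is written unencrypted
    openssl pkcs12 -in "$d/bundle.p12" -passin "$p" -nocerts -nodes \
        -out "$d/client-key.pem" 2>/dev/null &&
    openssl pkcs12 -in "$d/bundle.p12" -passin "$p" -clcerts -nokeys \
        -out "$d/client-cert.pem" 2>/dev/null &&
    openssl pkcs12 -in "$d/bundle.p12" -passin "$p" -cacerts -nokeys \
        -out "$d/ca-cert.pem" 2>/dev/null
)

# PEM and DER are two encodings of the same certificate; convert either way.
pem_to_der() { openssl x509 -in "$1" -inform PEM -outform DER -out "$2"; }
der_to_pem() { openssl x509 -in "$1" -inform DER -outform PEM -out "$2"; }
fingerprint() { openssl x509 -in "$1" -inform "$2" -noout -fingerprint -sha256; }

# Does the private key ($1) belong to the certificate ($2)? Compare public keys.
key_matches_cert() {
    [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = \
      "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# Does the certificate ($2) verify against the CA certificate ($1)?
chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

demo() {
    d=$(mktemp -d) || return 1
    make_sample_p12 "$d" && split_p12 "$d" demo &&
    pem_to_der "$d/client-cert.pem" "$d/client-cert.der" &&
    key_matches_cert "$d/client-key.pem" "$d/client-cert.pem" &&
    chains_to "$d/ca-cert.pem" "$d/client-cert.pem" && echo "bundle OK"
    rc=$?; rm -rf "$d"; return $rc
}
demo
```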
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html