On Sun, Jun 24, 2018 at 08:43:32AM +0000, Stuart Henderson wrote: > On 2018-06-23, C. L. Martinez <carlopm...@gmail.com> wrote: > > Hi all, > > > > I am using Easy-RSA to manage my home's CA (using elliptic curve > > certificates). I have created a certificate for my OpenBSD gw for IKEv2 > > connections (using strongswan mainly). My question is where do I need to > > put OpenBSD certs under /etc/iked? > > > > I have installed myhost.crt in /etc/iked/pubkeys/fqdn/myhost.crt and > > myhost.key in /etc/iked/private/myhost.key, but running "iked -dvv" returns > > me the following error: > > The CA cert needs to go in /etc/iked/ca, do you have that? > >
Yes, it is there: -rw-r--r-- 1 root wheel 1326 Jun 24 10:12 /etc/iked/ca/ca.crt -- Greetings, C. L. Martinez
