We are trying to set up of VPN tunnel using IKE v2 between a windows 2008 VPN server and a linux machine running strongswan. We are trying to do this using machine certificates. We are using a Windows 2008 r2 private certificate authority. I am not sure how to generate the CSR in openssl for a machine certificate. In windows land we put information about the certificate into a .inf file with following content:
[NewRequest] Subject="CN=MACHINE.DOMAIN.COM" Exportable=TRUE KeyLength=2048 KeySpec=1 KeyUsage=0xF0 MachineKeySet=TRUE RequestType=CMC ProviderName="Microsoft RSA SChannel Cryptographic Provider" ProviderType=12 [EnhancedKeyUsageExtension] OID=1.3.6.1.5.5.7.3.1 OID=1.3.6.1.5.5.7.3.2 OID=1.3.6.1.5.5.8.2.2 [RequestAttributes] SAN="dns:MACHINE.DOMAIN.COM" This inf file is then used as input to the CSR. Can I/How would I/ tell open SSL to generate an equivalent CSR. Any insight someong could provide would be much appreciated. Thank you. Matt Hymowitz, CISSP Manager GMP Networks, LLC 520 577-3891 x 11
