Vit Pelcak wrote:
Hi.
I'd like to ask you how can I create and export ECDSA certs and keys for
this scenario:
http://www.strongswan.org/uml/testresults42/openssl/ecdsa-certs/
I described the generation of EC keys in the following posting:
https://lists.strongswan.org/pipermail/users/2008-October/002789.html
The openssl ecparam -genkey puts a parameter description in front
of the actual EC key, a construct which strongSwan's private key parser
is not able to handle. Therfore either delete the parameter description
manually using an ASCII editor or execute the following cleansing command:
openssl ec -in ecKey.pem -out ecKey.pem
I already have CA and RSA certs and keys exported:
# find /etc/ipsec.* | grep pem
/etc/ipsec.d/private/machine-1.pem
/etc/ipsec.d/certs/machine-1.pem
/etc/ipsec.d/cacerts/ipsec-test.pem
/etc/ipsec.d/crls/ipsec-crl.pem
I can pass test:
http://www.strongswan.org/uml/testresults42/openssl/ike-alg-ecp-high/
Do I need whole new CA or just new keys and certs are enough?
No, you can use your CA's RSA key to sign an ECDSA certificate.
Thank you.
Regards
Vit Pelcak
Regards
Andreas
==
Andreas Steffen [EMAIL PROTECTED]
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
