Re: [strongSwan] Separate files for crt and key
Thanks Noel, Andreas. I got it working with the win7 clients! I always
use the pem extension as crt and key combined and I am seeing pem in the
docs.

-----Original Message-----
From: Andreas Steffen [mailto:andreas.stef...@strongswan.org]
Sent: Friday 26 January 2018 16:46
To: users@lists.strongswan.org
Subject: Re: [strongSwan] Separate files for crt and key

Hi Marc,

certificates and keys are always loaded from separate files (with the
exemption of PKCS#12 containers). The certificates are loaded via
leftcert|rightcert entries in ipsec.conf and keys are loaded via
RSA|ECDSA entries in ipsec.secrets. The matching of certs and keys is
done automatically by the strongSwan daemon.

Regards

Andreas

On 26.01.2018 15:01, Marc Roos wrote:
> Is it possible to specify separate files for the crt and key?
> Something like
>
> leftcert=moonCert.crt
> leftkey=moonCert.key ???
>
> conn rw-eap
>     left=192.168.0.1
>     leftsubnet=10.1.0.0/16
>     leftid=@moon.strongswan.org
>     leftcert=moonCert.pem
>     leftauth=pubkey
>     leftfirewall=yes
>     rightid=*@strongswan.org
>     rightauth=eap-md5
>     rightsendcert=never
>     right=%any
>     auto=add

--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Networked Solutions
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==

Re: [strongSwan] Separate files for crt and key
Hi Marc,

certificates and keys are always loaded from separate files (with the
exemption of PKCS#12 containers). The certificates are loaded via
leftcert|rightcert entries in ipsec.conf and keys are loaded via
RSA|ECDSA entries in ipsec.secrets. The matching of certs and keys is
done automatically by the strongSwan daemon.

Regards

Andreas

On 26.01.2018 15:01, Marc Roos wrote:
> Is it possible to specify separate files for the crt and key?
> Something like
>
> leftcert=moonCert.crt
> leftkey=moonCert.key ???
>
> conn rw-eap
>     left=192.168.0.1
>     leftsubnet=10.1.0.0/16
>     leftid=@moon.strongswan.org
>     leftcert=moonCert.pem
>     leftauth=pubkey
>     leftfirewall=yes
>     rightid=*@strongswan.org
>     rightauth=eap-md5
>     rightsendcert=never
>     right=%any
>     auto=add

--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Networked Solutions
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==

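The split described in the reply above, written out as a configuration sketch (an added example, not part of the original thread or the project's own files). The file names moonCert.crt and moonCert.key come from the question; the /etc/ipsec.conf, /etc/ipsec.secrets and /etc/ipsec.d/ locations are the stock strongSwan defaults and are assumed for this install.

```conf
# --- /etc/ipsec.conf ---
# The certificate is referenced from the conn section.
# A relative file name is looked up in /etc/ipsec.d/certs/.
conn rw-eap
    left=192.168.0.1
    leftsubnet=10.1.0.0/16
    leftid=@moon.strongswan.org
    leftcert=moonCert.crt
    leftauth=pubkey
    leftfirewall=yes
    rightid=*@strongswan.org
    rightauth=eap-md5
    rightsendcert=never
    right=%any
    auto=add

# --- /etc/ipsec.secrets ---
# The private key is listed here, not in the conn section.
# A relative file name is looked up in /etc/ipsec.d/private/.
# Keep the key file readable by root only (for example mode 600).
# The daemon pairs this key with the certificate above automatically.
: RSA moonCert.key
```

After editing, `ipsec rereadsecrets` reloads ipsec.secrets, and `ipsec listcerts` marks the certificate with "has private key" once the matching key has been loaded.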
Re: [strongSwan] Separate files for crt and key
Hi,

The pretense - that charon loads the cert and key from the same file -
is wrong. charon takes the path to the key from ipsec.secrets.

Kind regards

Noel

On 26.01.2018 15:01, Marc Roos wrote:
> Is it possible to specify separate files for the crt and key? Something
> like
>
> leftcert=moonCert.crt
> leftkey=moonCert.key ???
>
> conn rw-eap
>     left=192.168.0.1
>     leftsubnet=10.1.0.0/16
>     leftid=@moon.strongswan.org
>     leftcert=moonCert.pem
>     leftauth=pubkey
>     leftfirewall=yes
>     rightid=*@strongswan.org
>     rightauth=eap-md5
>     rightsendcert=never
>     right=%any
>     auto=add

[strongSwan] Separate files for crt and key
Is it possible to specify separate files for the crt and key? Something
like

leftcert=moonCert.crt
leftkey=moonCert.key ???

conn rw-eap
    left=192.168.0.1
    leftsubnet=10.1.0.0/16
    leftid=@moon.strongswan.org
    leftcert=moonCert.pem
    leftauth=pubkey
    leftfirewall=yes
    rightid=*@strongswan.org
    rightauth=eap-md5
    rightsendcert=never
    right=%any
    auto=add