On Thu, 21 Jan 2016, ChenHao wrote:
> I have configured pre-shared as authentication on HA machines. I also
> know how to configure rsasig on a standalone machine.
> Now the customer wants to support rsasig on the HA machines. Can I just
> copy the public key (/etc/ipsec.secrets) and private key
> (/etc/ipsec.d/*.db) from ACTIVE to overwrite the corresponding
> configuration on STANDBY? Then, after an HA switchover, can the peer
> still connect to our HA?

Libreswan stores all private keys in its internal NSS database in
/etc/ipsec.d/*.db so you need those as well as the ipsec.secrets
containing the public raw RSA key.
If the architectures are different, you might need to use certutil to
export and import the NSS entries.
Paul