2016-09-29 20:01 GMT+03:00 Paul Wouters <[email protected]>: There are various tools you can use to generate certificates. openssl, > or nss's certutil, or xca or tinyCA2, etc etc. > > You can find the example code we use to generate our test certficates > herE: > > https://github.com/libreswan/libreswan/blob/master/testing/x > 509/dist_certs.py >
Ок. I use lines : certutil -S -k rsa -c "cacert01" -n "server01" -s "CN=gateway.example.org" \ -v 12 -t "u,u,u" --keyUsage digitalSignature,keyEncipherment --extKeyUsage serverAuth -8 "gateway.example.org" -d sql:./cert Its correct ? > You should be able to omit the rightrsasigkey= line if you are using > leftcert= already. > It's clear. No i use ( client side ) ... right=gateway.example.org rightid=%fromcert rightrsasigkey=%cert NO WORKS :( and use: right=gateway.example.org # rightid=%fromcert rightrsasigkey=%cert WORKS. I read manual for ipsec and view : line rightrsasigkey=%cert exclude line rightid=%fromcert and see rightid from line right Its correct ? > Unfortunately, no. all EAP code is openssl/wpa_supplicant based, > and libreswan uses NSS. So we have not yet written all the code > needed for EAP support. Ok. Paul > Тhanks. -- mx
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
