Yes, my use case included both the certificate and the private key for the client. I have never heard of authentication with only a key and no certificate, except in the case of a preshared key (PSK). I added the subjectAltName to the client certificate with the -8 switch. e.g.
certutil -S -c "ExampleCA" -n "client1.example.com" -s "O=Example,CN=client1.example.com" -k rsa -v 12 -d sql:test -t ",," -1 -6 -8 "client1.example.com" On Wed, Jan 23, 2019 at 6:27 AM Kostya Vasilyev <[email protected]> wrote: > > Were you exporting keys that are part of some certificates? _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
