On 1/14/2022 10:01 PM, Paul Wouters wrote:
You can look at our python code for generating CAs, certs et all that
generates a bunch of different (normal and very weird) things:
https://raw.githubusercontent.com/libreswan/libreswan/main/testing/x509/dist_certs.py
I have tried it, but I really do not know how to install .pem or .crt
and .key into Windows 10 Local Machine key store, let alone how to
organize key distribution of keys without a password.
It would be optimal if my modified script for -k ec -q secp384r1 worked,
but alas no luck with that thus far.
In the end, RSA certs work just fine, I have also tried the strongswan
client on Android and it is OK, though slightly slower than the native
connection. ECDSA is just the final touch, it would be nice if that
worked, but for IKEv2 working I am very grateful and thank the LORD and
good Heavens!
I am really motivated by your policy to support people from all
backgrounds and all walks of life. I feel motivated to contribute to the
team in a supportive working atmosphere.
If I could finish this EC certs problem, that would be just fine because
I hate to quit. I must be doing *something* wrong because this seems to
have been supported in Windows 8.1 already:
https://support.microsoft.com/en-us/topic/ikev2-vpn-connection-fails-with-error-13806-when-you-use-an-ecdsa-certificate-in-windows-8-1-or-windows-server-2012-r2-84a9011d-d3f9-98fd-948d-88aa7e84636a
So, eventually I will think of something, but right now I feel like I'm
out of options.
I just can't explain why Windows 10 can't see the generated .p12 ECDSA
cert in the store.
Kind regards,
Mirsad
--
Mirsad Goran Todorovac
CARNet sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
--
CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
tel. +385 (0)1 3711 451
mob. +385 91 57 88 355
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
