Vit Pelcak wrote:
> Hi.
> 
> I'd like to ask you how can I create and export ECDSA certs and keys for
> this scenario:
> http://www.strongswan.org/uml/testresults42/openssl/ecdsa-certs/
>
I described the generation of EC keys in the following posting:

https://lists.strongswan.org/pipermail/users/2008-October/002789.html

The "openssl ecparam -genkey" puts a parameter description in front
of the actual EC key, a construct which strongSwan's private key parser
is not able to handle. Therefore either delete the parameter description
manually using an ASCII editor or execute the following "cleansing" command:

  openssl ec -in ecKey.pem -out ecKey.pem

> I already have CA and RSA certs and keys exported:
> 
> # find /etc/ipsec.* | grep pem
> /etc/ipsec.d/private/machine-1.pem
> /etc/ipsec.d/certs/machine-1.pem
> /etc/ipsec.d/cacerts/ipsec-test.pem
> /etc/ipsec.d/crls/ipsec-crl.pem
> 
> I can pass test:
> http://www.strongswan.org/uml/testresults42/openssl/ike-alg-ecp-high/
> 
> Do I need whole new CA or just new keys and certs are enough?
> 
No, you can use your CA's RSA key to sign an ECDSA certificate.

> Thank you.
> 
> Regards
> Vit Pelcak

Regards

Andreas

======================================================================
Andreas Steffen                         [EMAIL PROTECTED]
strongSwan - the Linux VPN Solution!                www.strongswan.org

Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
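
The two steps from the reply above (stripping the parameter block from the EC key, then signing an ECDSA certificate with an RSA CA key), as an added example that is not part of the original message. Only ecKey.pem is a name from the post; the curve, the other file names, the subjects and the throwaway RSA CA are assumptions.

```shell
#!/bin/sh
# Added example. ecKey.pem is the name used in the post; the curve, the other
# file names and the subjects are assumptions, and the RSA CA is a throwaway.

# Generate an EC key, then drop the "EC PARAMETERS" block that
# "openssl ecparam -genkey" writes in front of the private key.
gen_clean_ec_key() {    # $1 = output key file, $2 = curve name
    openssl ecparam -genkey -name "$2" -out "$1.raw" 2>/dev/null || return 1
    openssl ec -in "$1.raw" -out "$1" 2>/dev/null || return 1
    rm -f "$1.raw"
    chmod 600 "$1"
}

# Number of PEM blocks of type $2 in file $1 (prints 0 when there are none).
count_pem_blocks() {
    grep -c -- "-----BEGIN $2-----" "$1" || true
}

# Issue a certificate for the EC key, signed by an existing RSA CA.
issue_ecdsa_cert() {    # $1 = EC key, $2 = CA cert, $3 = CA key, $4 = out cert
    openssl req -new -key "$1" -subj "/CN=machine-1-ecdsa" -out "$4.csr" || return 1
    openssl x509 -req -in "$4.csr" -CA "$2" -CAkey "$3" -CAcreateserial \
        -sha256 -days 365 -out "$4" >/dev/null 2>&1 || return 1
    rm -f "$4.csr"
    # Returns non-zero if the chain to the RSA CA does not validate.
    openssl verify -CAfile "$2" "$4" >/dev/null
}

# End-to-end run in a scratch directory; prints that directory's path.
demo() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$dir/caKey.pem" -out "$dir/caCert.pem" 2>/dev/null || return 1
    gen_clean_ec_key "$dir/ecKey.pem" secp384r1 || return 1
    issue_ecdsa_cert "$dir/ecKey.pem" "$dir/caCert.pem" "$dir/caKey.pem" \
        "$dir/ecCert.pem" || return 1
    echo "$dir"
}
```

With a real CA, call issue_ecdsa_cert with the existing CA certificate and key instead of running demo; the resulting certificate carries an EC public key under an RSA signature.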
