Thanks for the inputs Martin, that woked !. But, I observed one more thing. The Authority key identifier and the Subject Key identifier of the On demand certificate is SAME. !. The authority key identifier of the On demand certificate should be the Issuer's Subject Key Identifier right ? (Am using Strongswan-5.0.2)
Thanks and Regards, Naren On Mon, Feb 10, 2014 at 3:21 PM, Martin Willi <mar...@strongswan.org> wrote: > > > Am using load tester plugin. I need to check the end entity certificate > > contents (on demand certificate). So need the on demand certificate in > .pem > > format. > > You may try to use "ipsec listcerts" to list any certs in the cache, > then use "ipsec stroke exportx509 <DN>" to print a certificate for a > Distinguished Name. > > Newer releases also support "ipsec stroke exportconncert <conn>" and > "ipsec stroke exportconnchain <conn>" to export a certificate/chain for > a specific established connection. > > > // Before peer_key->destroy(peer_key); i added the below 3 lines. > > > > this->ca->get_encoding(this->ca, CERT_PEM, &test_enc); > > chunk_write(test_enc, ChunkDumpPath, "pem", 022, TRUE); > > chunk_free(&test_enc); > > this->ca as it says is the CA certificate. If you want the end entity > certificate, try the generated peer_cert. > > Regards > Martin > >
_______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
