Hello, Noel,

one more question:
Is it possible to extend the lifetime of the certificate on the server when it expires? That would save me a lot of time by avoiding changing the *.p12 files on the VPN client machines.

Best Regards!
Quine
2014-9-19



-------- Forwarded Message --------
Subject:        Re: [strongSwan] Is IKEv2 certificate binding to the hardware?
Date:   Fri, 19 Sep 2014 01:57:29 +0800
From:   tefeng <[email protected]>
To:     Noel Kuntze <[email protected]>



Hello, Noel,

Many THX!  After reproducing the server certificates (serverKey.pem and
serverCert.pem with "--san" field), IKEv2 certificate now is OK.  :)

And also thanks for your reminder.  I got it wrong.  I checked the
strongSwan website again and found the instructions use "ipsec pki
--self ..." to produce certificate.  Then I can use the argument
"--lifetime".

Best Regards!
Quine
2014-9-19



On 9/19/2014 1:06 AM, Noel Kuntze wrote:

Hello,
First question: No. Check the SAN fields.

Second question: pki --pub gives you the corresponding public key for the input 
private key or certificate. The output is not a certificate.

Kind regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
On 18.09.2014 at 18:53, tefeng wrote:
Hi, All,

I have been using strongswan 4.6.4 on my VPS and it worked well. Recently I 
migrated it to another VPS (still 4.6.4 and the same certificates copied from 
the previous VPS) but the vpn client (Agile VPN Client in win7 or strongSwan 
VPN Client for android) with IKEv2 certificate didn't work except that IKEv1 
certificate is OK with Cisco VPN Client.

Is IKEv2 certificate binding to the hardware?  If yes, then I have to reproduce 
the certificates.

The 2nd question: Is it possible to substitute "ipsec pki --self ..." for "ipsec pki --pub 
..."?  Because the command "--pub" only produces a certificate with fixed 3 years lifetime and 
I want more.

Any recommendation would be really appreciated.  Thanks in advance.

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users