StrongSwan: Difference between revisions
m Reworded a few parts to make more sense |
m →Creating a certificate for clients: Changed server to client, removed redundancy |
||
| Line 102: | Line 102: | ||
# Change the permissions of the private key, so that only root can access it: | # Change the permissions of the private key, so that only root can access it: | ||
#:<pre>chmod 600 client1Key.pem</pre> | #:<pre>chmod 600 client1Key.pem</pre> | ||
# Now we have the private key, generate the | # Now we have the private key, generate the client certificate: | ||
#:<pre>pki --issue --in client1Key.der --type priv --cacert caCert.der --cakey caKey.der --dn "C=GB, O=strongSwan, CN=client1.freddythechick.net" --san "client1.freddythechick.net" --lifetime 1825 --outform pem> client1Cert.pem</pre> | #:<pre>pki --issue --in client1Key.der --type priv --cacert caCert.der --cakey caKey.der --dn "C=GB, O=strongSwan, CN=client1.freddythechick.net" --san "client1.freddythechick.net" --lifetime 1825 --outform pem> client1Cert.pem</pre> | ||
The <code>CN</code> in the DN this time can be anything for the Windows client. No flags are required. | The <code>CN</code> in the DN this time can be anything for the Windows client. No flags are required. | ||
One of these must be created for each client you would like to connect to the server. '''Keep the CA key secure | One of these must be created for each client you would like to connect to the server. '''Keep the CA key secure as this will be needed each time you want to sign a client certificate.''' | ||
== Packaging the required certificates and keys for Windows == | == Packaging the required certificates and keys for Windows == | ||