StrongSwan: Difference between revisions
m →Creating a self-signed certificate authority (CA): removed obsolete folders |
m →Creating a certificate for the server: Removed obsolete folders |
||
| Line 72: | Line 72: | ||
# Make sure you are still in the correct directory. | # Make sure you are still in the correct directory. | ||
# Generate a private key for the certificate: | # Generate a private key for the certificate: | ||
#:<pre>pki --gen --type ecdsa --size 384 --outform pem > | #:<pre>pki --gen --type ecdsa --size 384 --outform pem > serverKey.pem</pre> | ||
# Change the permissions of the private key, so that only root can access it: | # Change the permissions of the private key, so that only root can access it: | ||
#:<pre>chmod 600 | #:<pre>chmod 600 serverKey.pem</pre> | ||
# Now we have the private key, generate the server certificate: | # Now we have the private key, generate the server certificate: | ||
#:<pre>pki --issue --in serverKey.pem --type priv --cacert caCert.der --cakey caKey.der --dn "C=GB, O=strongSwan, CN=thinkserver.freddythechick.net" --san "thinkserver.freddythechick.net" --flag serverAuth --flag ikeIntermediate --lifetime 1825 --outform pem > serverVCert.pem</pre> | #:<pre>pki --issue --in serverKey.pem --type priv --cacert caCert.der --cakey caKey.der --dn "C=GB, O=strongSwan, CN=thinkserver.freddythechick.net" --san "thinkserver.freddythechick.net" --flag serverAuth --flag ikeIntermediate --lifetime 1825 --outform pem > serverVCert.pem</pre> | ||