StrongSwan: Difference between revisions
Major rework for new VICI framework underway. Finished to 'Configuring strongSwan' |
m →Creating a self-signed certificate authority (CA): removed obsolete folders |
||
| Line 58: | Line 58: | ||
# Make sure you are in the correct directory above. | # Make sure you are in the correct directory above. | ||
# Generate a private key for the CA: | # Generate a private key for the CA: | ||
#:<pre>pki --gen --type ecdsa --size 384 --outform pem > | #:<pre>pki --gen --type ecdsa --size 384 --outform pem > caKey.pem</pre> | ||
# Change the permissions of the private key, so that only root can access it: | # Change the permissions of the private key, so that only root can access it: | ||
#:<pre>chmod 600 private/caKey.pem</pre> | #:<pre>chmod 600 private/caKey.pem</pre> | ||
# Now we have the private key, generate the CA certificate: | # Now we have the private key, generate the CA certificate: | ||
#:<pre>pki --self --ca --lifetime 3650 --in | #:<pre>pki --self --ca --lifetime 3650 --in caKey.pem --dn "C=GB, O=strongSwan, CN=strongSwan CA" --outform pem > caCert.pem</pre> | ||
You now have a self-signed CA certificate, ready to sign any certificates to be used by the VPN server. | You now have a self-signed CA certificate, ready to sign any certificates to be used by the VPN server. | ||