Security Basics mailing list archives
Using OpenSSL generating a RootCA, Intermediate, and Personal Certs for use with IPSec/IKEv2
From: Adrian J Milanoski <amilanoski () gmail com>
Date: Tue, 1 Feb 2011 11:31:23 -0500
Hi all, I have a task on my hands here and I have to setup numerous VPN appliance and some software. I am fairly new to the CA portion of things I understand the concepts and how they work etc... I am having serious issues with creating these certificates and how they are trusting each other. I have created and deleted so many certificates I probably could have generated ALL for the world by now... ugh... So, here we go I haven't received any of my hardware devices just yet but have been working with my Ubuntu 10.10 w/ StrongSwan v4.5 and MS Windows 2008 Enterprise w/ Network Policy and Access Services Role enabled. I am generating all the certs on Ubuntu with OpenSSL and have gotten it to the point where I look at the certs on my Windows 2008 server and I see the hierarchy as it should be, but when I try and login with the my WinXP machine it recognizes the certs and the user, but it denies it with error 'invalid certificate'. Could this be because Windows XP doesn't support IKEv2? Either way the VPN isn't locked down allowing only that type of encryption in. Has anyone had any experience with this? Do I need to have a dedicated CA? Do I need to have a dedicated domain? - A ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Using OpenSSL generating a RootCA, Intermediate, and Personal Certs for use with IPSec/IKEv2 Adrian J Milanoski (Feb 03)