Security Basics mailing list archives

Using OpenSSL generating a RootCA, Intermediate, and Personal Certs for use with IPSec/IKEv2


From: Adrian J Milanoski <amilanoski () gmail com>
Date: Tue, 1 Feb 2011 11:31:23 -0500

Hi all,

I have a task on my hands here and I have to set up numerous VPN
appliances and some software. I am fairly new to the CA portion of
things; I understand the concepts and how they work, etc.


I am having serious issues with creating these certificates and how
they are trusting each other. I have created and deleted so many
certificates I probably could have generated ALL for the world by
now... ugh...


So, here we go: I haven't received any of my hardware devices just yet
but have been working with my Ubuntu 10.10 w/ StrongSwan v4.5 and MS
Windows 2008 Enterprise w/ Network Policy and Access Services Role
enabled.

I am generating all the certs on Ubuntu with OpenSSL and have gotten
it to the point where I look at the certs on my Windows 2008 server
and I see the hierarchy as it should be, but when I try to log in with
my WinXP machine it recognizes the certs and the user, but it
denies it with error 'invalid certificate'. Could this be because
Windows XP doesn't support IKEv2? Either way, the VPN isn't locked down
allowing only that type of encryption in.

Has anyone had any experience with this? Do I need to have a dedicated
CA? Do I need to have a dedicated domain?


-
A
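
The hierarchy the post describes (root CA, intermediate CA, end certificate), built and checked with OpenSSL as an added example that is not part of the original message. All subject names and file names are constructed, and the gateway extension set (serverAuth EKU, DNS subjectAltName) is an assumption about what the VPN peer checks.

```shell
#!/usr/bin/env bash
# Added example: root CA -> intermediate CA -> VPN gateway certificate.
# Names and the gateway extensions are constructed/assumed, not from the post.
# -nodes leaves private keys unencrypted: acceptable for a throwaway demo only.
set -eu

new_csr() {  # new_csr <name> <CN>: fresh RSA key plus signing request
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

build_chain() (  # build_chain <dir>: writes root.crt, inter.crt, gw.crt
  cd "$1"
  cat > ext.cnf <<'EOF'
[ca_root]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ca_inter]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
[gateway]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:vpn.example.test
authorityKeyIdentifier = keyid
EOF
  new_csr root  "Example Root CA"
  new_csr inter "Example Intermediate CA"
  new_csr gw    "vpn.example.test"
  # Self-signed root, then each level is signed by the key one level above it.
  openssl x509 -req -in root.csr -signkey root.key -days 3650 -sha256 \
    -extfile ext.cnf -extensions ca_root -out root.crt 2>/dev/null
  openssl x509 -req -in inter.csr -CA root.crt -CAkey root.key -CAcreateserial \
    -days 1825 -sha256 -extfile ext.cnf -extensions ca_inter -out inter.crt 2>/dev/null
  openssl x509 -req -in gw.csr -CA inter.crt -CAkey inter.key -CAcreateserial \
    -days 365 -sha256 -extfile ext.cnf -extensions gateway -out gw.crt 2>/dev/null
)

# A verifier that trusts only the root needs the intermediate to build the path.
verify_with_intermediate() {
  openssl verify -CAfile "$1/root.crt" -untrusted "$1/inter.crt" "$1/gw.crt" >/dev/null 2>&1; }
verify_without_intermediate() {
  openssl verify -CAfile "$1/root.crt" "$1/gw.crt" >/dev/null 2>&1; }

d=$(mktemp -d); build_chain "$d"
verify_with_intermediate "$d" && echo "root + intermediate: chain verifies"
verify_without_intermediate "$d" || echo "intermediate missing: verification fails"
rm -rf "$d"
```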
