[VPN] certificates without CA
Siddhartha Jain
losttoy2000 at yahoo.co.uk
Thu Jul 17 14:20:11 EDT 2003
Certificates are issued by CAs. I don't think it's
possible to use certificates for authentication
without CAs.
--- Andreas Ott <aot at te.dk> wrote:
> Hi
>
> I was wondering whether it is possible to authenticate a
> vpn-connection by exchanging certificates only, instead of
> setting up a CA.
>
> On one machine, I have Freeswan 1.99 with X.509 patch and the
> following configuration:
>
> conn test
>     leftcert=thismachine.pem
>     leftsubnet=10.10.0.0/16
>     left=%defaultroute
>     rightcert=othermachine.pem
>     rightsubnet=x.x.x.x/32
>     right=%any
>     pfs=yes
>     auto=add
>
> On the other machine (windows 2000) I tried to use VPNDialer and the
> vpn-tool from ebootis.de, which basically are tools to deal with
> Windows' built-in IPSec-policy. But I'm unsure where to place the
> certificates and how to configure the tools.
>
> No matter what I try, pluto complains about OAKLEY_RSA_SIG not allowed
> and OAKLEY_DES_CBC not supported. As for the latter message, I verified
> that 3DES is supported in my Windows setup.
>
> Any hints and directions would be greatly appreciated. Also, if my
> ipsec.conf might be wrong, please correct.
>
> TIA
> Andreas