Hi Anil, X.509 is one authentication method like pre-shared keys for a peer to prove it's identity. So if CERT authentication method is configured in your IKEv2 policy, you know that you have send CERTREQ and generate AUTH payload based on your certificate. You can have just Pre-Shared Keys based authentication method to build VPN.
Thanks, Raj On Tue, May 19, 2009 at 11:37 AM, Anil Maguluri < anil.magul...@lntinfotech.com> wrote: > > Hi Raj, > > Thanks for your response. > > How IKEv2 will get the X.509 CERTIFICATE information (interface)? > is it mandatory to develop VPN based PKI system? > > Regards, > Anil Kumar Maguluri > > > > > *Raj Singh <rsjen...@gmail.com>* > > 05/19/2009 11:28 AM > To > Anil Maguluri <anil.magul...@lntinfotech.com> > cc > ipsec@ietf.org Subject > Re: [IPsec] IKEv2 Certificate Information > > > > > Hi Anil, > > Please find my reply inline. > > On Tue, May 19, 2009 at 10:55 AM, Anil Maguluri <* > anil.magul...@lntinfotech.com* <anil.magul...@lntinfotech.com>> wrote: > > Hi All, > > I would like to know what are the different certificates to support in > IKEv2? > raj> The most commonly supported certificate forms are:* > **http://tools.ietf.org/html/draft-ietf-ipsecme-ikev2bis-03*<http://tools.ietf.org/html/draft-ietf-ipsecme-ikev2bis-03> > Section 3.6 > ...... > Certificate Encoding Value > ---------------------------------------------------- > > *X.509 Certificate - Signature 4* > *Hash and URL of X.509 certificate 12* > > .... > > > Is it mandatory to support CERT and CERTREQ payloads in IKE_AUTH message? > raj> NO. > > If yes, please let me know the supported Certificates information and > corresponding > RFC numbers. > > Also please let me know IKEv2 opensource code which contains the > certificates > information. > raj> StrongSwan and Racoon2 supports most of the features of IKEv2 > *http://www.strongswan.org/* <http://www.strongswan.org/> > *http://www.racoon2.wide.ad.jp/w/* <http://www.racoon2.wide.ad.jp/w/> > > > Thanks for your support. > > Regards, > Anil Kumar Maguluri > ______________________________________________________________________ > > _______________________________________________ > IPsec mailing list* > **ip...@ietf.org* <IPsec@ietf.org>* > **https://www.ietf.org/mailman/listinfo/ipsec*<https://www.ietf.org/mailman/listinfo/ipsec> > > Thanks, > Raj > > ______________________________________________________________________ > > ______________________________________________________________________ >
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
