Dr. Stephen Henson wrote:
PEM should be accepted but its very picky about any extra data before the
-----BEGIN CERTIFICATE----- line.
Hmm... I'll check - but I suspect it's too picky for me. :-)
True. As IPsec peers can exchange their certs automatically.
and I don't think Windows supports verification based just on server
certificate.
Well, I'm not sure I understand what you mean. My Windows box has server
and CA cert installed - and it establishes IPsec SAs with the server
just fine (i.e. without actually going to CA online).
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
