I most admit that I haven`t tried that search exactly but I ve got this error with ISAKMPD adn try with that instead of openssl. Thx But I'd like to know what should I do with all the certs that I have to create. Which should go on the host pc (my OBSD where the CA is and etc...) and wich on the user pc THX
On 3/8/06, Brian Candler <[EMAIL PROTECTED]> wrote: > On Wed, Mar 08, 2006 at 03:10:23PM -0500, Doug Frippon wrote: > > Hi, I am trying to generate certificate that i,ll be using for a ipsec > > segment between a OBSD 3.8 and a Windows worstation. I'm using ISAKMPD > > for this on the OBSD side and the security filter on Windows. If I use > > a pre-shared key everything is fine but with the certificate I'm > > almost became mad. I'd like to know how to create X.509 certificate > > with subjectAltName. > > Did you try: > http://www.google.com/search?q=openssl+subjectaltname > > You'll see lots of pages there explaining how to do it. > > If you want a simplified solution, I suggest TinyCA: > http://tinyca.sm-zone.net/ > > This really just the openssl CA, but with a perl GUI (gtk) wrapper around > it. You can easily configure it so that it prompts you for a subjectAltName > at the time that each certificate is signed; this can contain either a > domain name, an IP address, or an E-mail address. > > If you want it *really* easy, then just burn a CD of roCA: > http://www.intrusion-lab.net/roca/ > > This is a bootable Knoppix (Linux) CD with TinyCA pre-installed. Just add a > USB flash pen and you have a standalone fully-functioning openssl CA with > fluffy GUI, without installing anything. I find a second USB pen is useful > for copying CSRs to the CA and copying the certificates back again. > > HTH, > > Brian. > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
