Here I am considering ESP IPsec with certificate-based authentication between two peers.
1. Use the following command to generate a private key and a certificate request:
openssl req -new -nodes -out req.pem -keyout cert.pem
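Here cert.pem is the private key and req.pem is the certificate request. Because of -nodes the private key is written unencrypted, so keep the file readable by its owner only.
2. Get this certificate request signed by a certificate authority (CA) using the following command: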
openssl x509 -req -days 365 -in certs/req.pem -CA cacert.pem -CAkey private/cakey.pem -CAcreateserial -outform PEM -out certs/mycert.pem
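3. Now put both the signed certificate and the CA's public certificate in the certificate directory specified in the racoon.conf file, then run the following command in that directory. It creates a symlink named after the CA certificate's subject hash, which is how OpenSSL looks up a CA in a certificate directory: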
ln -s CA.crt `openssl x509 -noout -hash -in CA.crt`.0
4. Start racoon
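The steps above as one script, with two checks added before racoon is started: that the peer certificate verifies through the hash-linked CA directory, and that it matches the private key. This is an added example, not part of the original post; the throwaway "Demo CA", the subject names, the -subj and -newkey options and the function name make_peer_certdir are assumptions made so that it runs unattended.

```shell
#!/bin/sh
# Added example. The CA here is a constructed, self-signed stand-in for the
# real CA of step 2; all subject names are constructed as well.
# Usage: make_peer_certdir <directory>   (exit status 0 = all checks passed)
make_peer_certdir() (
    umask 077                 # -nodes writes the key unencrypted: owner-only
    mkdir -p "$1" && cd "$1" || exit 1

    # Demo CA (constructed). In production the CA key never sits on the peer.
    openssl req -x509 -new -nodes -newkey rsa:2048 -days 365 \
        -subj "/CN=Demo CA" -keyout cakey.pem -out CA.crt 2>/dev/null || exit 1

    # Step 1: private key (cert.pem, as named in the post) and request.
    openssl req -new -nodes -newkey rsa:2048 -subj "/CN=peer1.example" \
        -out req.pem -keyout cert.pem 2>/dev/null || exit 1

    # Step 2: sign the request with the CA.
    openssl x509 -req -days 365 -in req.pem -CA CA.crt -CAkey cakey.pem \
        -CAcreateserial -outform PEM -out mycert.pem 2>/dev/null || exit 1

    # Step 3: hash-named symlink so the CA is found by subject hash.
    ln -s CA.crt "$(openssl x509 -noout -hash -in CA.crt).0" || exit 1

    # Check 1: the peer certificate chains to the CA via the hashed directory.
    openssl verify -CApath . mycert.pem >/dev/null 2>&1 || exit 2

    # Check 2: the certificate's public key is the one in the private key file.
    cert_pub=$(openssl x509 -in mycert.pem -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256)
    key_pub=$(openssl pkey -in cert.pem -pubout -outform DER |
        openssl dgst -sha256)
    [ "$cert_pub" = "$key_pub" ] || exit 3
)
```

An exit status of 2 points at a missing or wrong hash symlink or CA file, and 3 at a certificate that was issued for a different key.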
Ref: http://www.fefe.de/racoon.txt