IPSec and certificates
All,
I wanted to find out if anyone knew of anything that could help me configure racoon to use certificates with Windows for IPSec transport (re: not tunnels). I am particularly interested in what to do to get both *nix and Windows to talk using certificates.
I was able to get it to work with PSK, but I don't like that method. Too insecure, I think. Certificates are better. I got as far as exporting an x509 certificate from a Windows CA, but with racoon, I believe you need to specify the certificate AND the key. Windows would not allow me to export the keys, and I'm not sure how to generate one off the certificate with openssl, or if that's even possible. I'm basically lost in my own lack of understanding, and was hoping someone could point me in the right direction.
Thank you,
-P