[Swan] IPSec PKI based policy requirement.
Madhan Raj
madhanrajrm at gmail.com
Thu Apr 22 17:24:38 UTC 2021
Hi Swan users,
My libreswan version is libreswan-3.25-9.1.el7.x86_64
and my public key has the below XU and EXU extensions currently
X509v3 Key Usage:
Digital Signature, Key Encipherment, Data Encipherment,
Certificate Sign
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client
Authentication, IPSec End System
X509v3 Subject Key Identifier:
EF:D1:D4:57:4F:A1:4A:61:0F:DE:FB:27:AA:63:74:BC:94:ED:A1:18
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
So i wan't to know does libreswan really need the Key Encipherment &
IPSec End System XKU to bring up the IKE connection ?
It would be great if I can get the recommended XU and EXU in the public key
to bring up an ipsec connection up and running.
Thanks,
Madhan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20210422/f2703aae/attachment.html>
More information about the Swan
mailing list