[Swan] IPSec PKI based policy requirement.
paul at nohats.ca
Thu Apr 22 19:06:21 UTC 2021
Libreswan complies with RFC 4945 but also accepts webpki/TLS authentication. So almost all certificate EKUs or lack thereof will do.
Sent from my iPhone
> On Apr 22, 2021, at 13:24, Madhan Raj <madhanrajrm at gmail.com> wrote:
> Hi Swan users,
> My libreswan version is libreswan-3.25-9.1.el7.x86_64
> and my public key has the below XU and EXU extensions currently
> X509v3 Key Usage:
> Digital Signature, Key Encipherment, Data Encipherment, Certificate Sign
> X509v3 Extended Key Usage:
> TLS Web Server Authentication, TLS Web Client Authentication, IPSec End System
> X509v3 Subject Key Identifier:
> X509v3 Basic Constraints: critical
> CA:TRUE, pathlen:0
> So I want to know: does libreswan really need the Key Encipherment & IPSec End System XKU to bring up the IKE connection?
> It would be great if I can get the recommended XU and EXU in the public key to bring up an ipsec connection up and running.
> Swan mailing list
> Swan at lists.libreswan.org
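The reply above, worked through as an added example (not part of the thread and not libreswan's code): the RFC 4945 KeyUsage/ExtendedKeyUsage acceptance logic applied to the extensions listed in the question, next to a relaxed variant. The relaxed set (also accepting the TLS server/client EKUs) is an assumption modelling "also accepts webpki/TLS authentication"; the dict layout and function names are hypothetical.

```python
# Added example: RFC 4945 KU/EKU acceptance checks on already-parsed extensions.
IPSEC_IKE = "1.3.6.1.5.5.7.3.17"        # id-kp-ipsecIKE
ANY_EKU = "2.5.29.37.0"                 # anyExtendedKeyUsage
SERVER_AUTH = "1.3.6.1.5.5.7.3.1"       # TLS Web Server Authentication
CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"       # TLS Web Client Authentication
IPSEC_END_SYSTEM = "1.3.6.1.5.5.7.3.5"  # deprecated for IKE by RFC 4945

def ku_ok(key_usage):
    """Absent KU passes; a present KU must include digitalSignature
    or nonRepudiation (other bits alongside are fine)."""
    if key_usage is None:
        return True
    return bool({"digitalSignature", "nonRepudiation"} & set(key_usage))

def eku_ok(eku, relaxed=False):
    """Absent EKU passes; a present EKU must include id-kp-ipsecIKE or
    anyExtendedKeyUsage. relaxed=True (assumption) also takes TLS EKUs."""
    if eku is None:
        return True
    accepted = {IPSEC_IKE, ANY_EKU}
    if relaxed:
        accepted |= {SERVER_AUTH, CLIENT_AUTH}
    return bool(accepted & set(eku))

def evaluate(cert, relaxed=False):
    """Return (accepted, reasons) for a dict with 'key_usage' and 'eku'."""
    reasons = []
    if not ku_ok(cert.get("key_usage")):
        reasons.append("KU present without digitalSignature/nonRepudiation")
    if not eku_ok(cert.get("eku"), relaxed):
        reasons.append("EKU present without an accepted purpose")
    return (not reasons, reasons)

# Constructed inputs. QUESTION_CERT mirrors the extensions quoted above.
QUESTION_CERT = {
    "key_usage": ["digitalSignature", "keyEncipherment",
                  "dataEncipherment", "keyCertSign"],
    "eku": [SERVER_AUTH, CLIENT_AUTH, IPSEC_END_SYSTEM],
}
NO_EXTENSIONS = {"key_usage": None, "eku": None}
ENCIPHER_ONLY = {"key_usage": ["keyEncipherment"], "eku": None}

if __name__ == "__main__":
    for name, cert in [("question", QUESTION_CERT),
                       ("no KU/EKU", NO_EXTENSIONS),
                       ("keyEncipherment only", ENCIPHER_ONLY)]:
        print(name, "strict:", evaluate(cert), "relaxed:", evaluate(cert, True))
```

Under the strict RFC 4945 rules the certificate from the question is rejected on EKU alone, since IPSec End System is not an accepted purpose there; neither Key Encipherment nor IPSec End System is what lets it pass in either mode.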