[Swan] Moving host certificates from where they were created to where they will be used
William Atwood
william.atwood at concordia.ca
Sat Oct 28 03:54:07 EEST 2023
From the instructions on the Libreswan Wiki at
https://libreswan.org/wiki/HOWTO:_Using_NSS_with_libreswan, I am trying
to establish a set of certificates for a set of hosts in my lab.

I have one host that I will use to contain the CA, called Tarjan.

I have 10 other hosts, which will be members of the group overseen by
this CA. One of these is Perlis.

Tarjan first creates a Certificate Authority.
Tarjan (as CA) then creates a certificate for itself (as host).
Tarjan (as CA) then creates a certificate for Perlis.

Detailed instructions are given for exporting the CA certificate from
Tarjan, either as a .p12 file or as a .crt file, and then installing it
in NSS on Perlis.

However, I can find no example of exporting a host certificate from NSS
on Tarjan to copy into NSS on Perlis.

Clearly, I could import the .p12 file for the CA, including the private
key, and Perlis could then generate its own host certificate, by
pretending to be the CA, but this seems very undesirable from a security
perspective.

Can someone help me to resolve this?

Bill
--
Dr. J.W. Atwood, Eng. tel: +1 (514) 848-2424 x3046
Distinguished Professor Emeritus fax: +1 (514) 848-2830
Department of Computer Science
and Software Engineering
Concordia University ER 1234 email:william.atwood at concordia.ca
1455 de Maisonneuve Blvd. West http://users.encs.concordia.ca/~bill
Montreal, Quebec Canada H3G 1M8