
refer to http://www.kame.net/newsletter/20000912/.

commit 97a179aa9c95cdf974aa84e055db252d69ac2d55 1 parent c234886
sakane authored
Showing with 1 addition and 100 deletions.
  1. +1 −100 kame/kame/racoon/doc/README.certificate
101 kame/kame/racoon/doc/README.certificate
@@ -1,100 +1 @@
-$Id: README.certificate,v 1.7 2000/07/20 06:33:09 itojun Exp $
-
-This document describes how to use RSA signature authentication method
-with racoon.
-
-REQUIREMENTS
-============
-OpenSSL 0.9.4 or later
-
-CONFIGURATION
-=============
-To use RSA signature authentication method, you need to define some directive
-in a configuration file.
- - Define the directory for putting certificate files, by
- "path certificate" directive.
- - Define "x509" as "certificate_type", and specify cert file and
- private key file. Put these files into the directory defined above.
- - Define a type of your subject-alt-name as "identifier".
- "identifier" directive in "remote" directive refers to it.
- - Define "rsasig" as "authentication_method" directive.
-
-For example: negotiate IPsec keys with 194.100.55.1 (isakmp-test.ssh.fi),
-with UserFQDN "sakane@kame.net" as subject-alt-name.
-We put certificate files into /usr/local/openssl/certs.
-
- path certificate "/usr/local/openssl/certs" ;
- identifier user_fqdn "sakane@kame.net";
- remote 194.100.55.1
- {
- exchange_mode main;
- identifier user_fqdn;
- certificate_type x509 "sakane@kame.net.cert" "sakane@kame.net.priv";
- proposal {
- encryption_algorithm des;
- hash_algorithm md5;
- authentication_method rsasig ;
- dh_group modp768 ;
- }
- }
-
-
-TO GET YOUR CERT
-================
-- Make a new private/public key pair. You must use "privkey.pem" as the
- file name. For example, 1024bit private key can be generated by the
- following command:
-
- % openssl genrsa -out privkey.pem 1024
-
-- Make a PKCS#10 request, which is to be signed by your public key.
- The following example uses SHA1 as signature algorithm, and RSA with 1024bits.
-
- % openssl req -new -nodes -newkey rsa:1024 -sha1 -keyform PEM -keyout privkey.pem -outform PEM
- Using configuration from /usr/local/openssl/openssl.cnf
- Generating a 1024 bit RSA private key
- .........................+++++
- ........+++++
- writing new private key to 'privkey.pem'
- -----
- You are about to be asked to enter information that will be incorporated
- into your certificate request.
- What you are about to enter is what is called a Distinguished Name or a DN.
- There are quite a few fields but you can leave some blank
- For some fields there will be a default value,
- If you enter '.', the field will be left blank.
- -----
- Country Name (2 letter code) [AU]:JP
- State or Province Name (full name) [Some-State]:Kanagawa
- Locality Name (eg, city) []:Fujisawa
- Organization Name (eg, company) [Internet Widgits Pty Ltd]:WIDE Project
- Organizational Unit Name (eg, section) []:KAME Project
- Common Name (eg, YOUR name) []:Shoichi Sakane
- Email Address []:sakane@ydc.co.jp
-
- Please enter the following 'extra' attributes
- to be sent with your certificate request
- A challenge password []:
- An optional company name []:
- -----BEGIN CERTIFICATE REQUEST-----
- MIIB3DCCAUUCAQAwgZsxCzAJBgNVBAYTAkpQMREwDwYDVQQIEwhLYW5hZ2F3YTER
- MA8GA1UEBxMIRnVqaXNhd2ExFTATBgNVBAoTDFdJREUgUHJvamVjdDEVMBMGA1UE
- CxMMS0FNRSBQcm9qZWN0MRcwFQYDVQQDEw5TaG9pY2hpIFNha2FuZTEfMB0GCSqG
- SIb3DQEJARYQc2FrYW5lQHlkYy5jby5qcDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
- gYkCgYEAuWE1jKVD8AvuM5x8Z6JzJlYeR+V+FZkFxv65Y8TQGyiZPOlvlb9JacaL
- JFYBjSuuno/t111tu3thggQwC80SUos0irG31i6SSusQMGmkoT1m/QHckZ4dlfxH
- yFLqwkV97qYGp/h55PuG8WwW+Imcbtd/RJHqD7gEWxPFhy9rmsMCAwEAAaAAMA0G
- CSqGSIb3DQEBBQUAA4GBAIinjgTTew5y1Y9dJg7aqy7jNRvDQC6iaR2s8KH6+TKq
- mf6prGWglUexG9P14JLZ41hcrHA5D+l2u2GPDsJyxY8qhkT8WATST5H5mg3L/4nt
- lE6ZtEvEE846jcVxfQuSjSEmbHb54uckb37NDDxOnGoU2FU6/fTP7OHH059iFwRz
- -----END CERTIFICATE REQUEST-----
-
-- Sign your PKCS#10 request with your public key.
- http://isakmp-test.ssh.fi/cgi-bin/nph-real-cert/cert.pem
- Don't forget to input your subject-alt-name.
-
- Alternatively, you can sign your certificate by yourself.
- reqest.pem is a PKCS#10 request file in PEM format.
-
- % openssl x509 -req -in reqest.pem -signkey privkey.pem -out cert.pem
-
+See http://www.kame.net/newsletter/20000912/
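Review bot: the single added line at the end of this hunk ("+See http://www.kame.net/newsletter/20000912/") leaves README.certificate with no content of its own, so a reader working from the tree without network access loses the OpenSSL requirement, the racoon.conf directives for "rsasig", and the certificate request steps that the removed lines carried. Suggest keeping a short summary beside the link, or at least saying in the file what the linked page covers (RSA signature authentication with racoon), so the pointer is still useful if the URL moves. The removal also drops the "$Id: README.certificate,v 1.7 ..." line, so the file no longer records its own revision; keep that line if it is still wanted. If the removed text is carried over to the newsletter, it is worth revisiting there: the sample proposal uses des, md5 and modp768 with 1024-bit RSA keys, and the steps say the PKCS#10 request is signed "by your public key" where the self-signing command shown uses "-signkey privkey.pem", the private key.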